[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: [IPsec] Questions for draft-ponchon-ipsecme-anti-replay-subspaces
From: Aseem Choudhary <achoudhary=40aviatrix.com () dmarc ! ietf ! org>
Date: 2023-10-30 3:30:54
Message-ID: MW3PR11MB469703DDF586BF97899B6CFBABDFA () MW3PR11MB4697 ! namprd11 ! prod ! outlook ! com
[Download RAW message or body]
Hi Pierre,
Thanks for the response! This solution simplifies quite a bit.
I hope to see adoption call soon.
-thanks,
Aseem
From: Pierre Pfister (ppfister) <ppfister@cisco.com>
Date: Monday, October 23, 2023 at 5:31 AM
To: Aseem Choudhary <achoudhary@aviatrix.com>, Paul Ponchon (pponchon) <ppo=
nchon@cisco.com>, draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.=
org <draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org>
Cc: ipsec@ietf.org <ipsec@ietf.org>
Subject: Re: Questions for draft-ponchon-ipsecme-anti-replay-subspaces
Hello Aseem,
Apologies for the late reply.
Section 4.2 doesn't really go in full details regarding subspace ID selecti=
on because it would really depend on the implementation. Some uses of the s=
ubspaces are for cases with many-cores, others for many-paths, other for Qo=
S, or a combination of these. There could be one subspace allocated per cor=
e,path,qos combination, but that can end-up being a lot of subspaces. Imple=
mentations could use a reduced set of subspaces and distribute over them us=
ing round-robin, or hashing. We felt adding too much details there would un=
necessarily complicate the standard with implementation-specific details.
In the particular case of QoS, you could for instance use one subspace per =
QoS class. The receiver would be able to process packets from different QoS=
classes out-of-order without causing any anti-replay detection failure.
Thanks
De : Aseem Choudhary <achoudhary@aviatrix.com>
Date : vendredi, 6 octobre 2023 =E0 23:10
=C0 : Paul Ponchon (pponchon) <pponchon@cisco.com>, draft-ponchon-ipsecme-a=
nti-replay-subspaces.authors@ietf.org <draft-ponchon-ipsecme-anti-replay-su=
bspaces.authors@ietf.org>
Cc : ipsec@ietf.org <ipsec@ietf.org>
Objet : Re: Questions for draft-ponchon-ipsecme-anti-replay-subspaces
Hi Paul,
Further to this discussion, section 4.2 =93Sender Behavior=94 doesn=92t tal=
k about how subspace ID will be calculated. Like, for QoS, how a unique sub=
space-id can be mapped to a queue-id with some of QoS pipeline (classificat=
ion, shaping etc) procedures. I think section 4.2 should describe it a bit.=
But, if not in section 4.2, can it be described in section 6 and for the I=
mplementation, in some more details in section 6.2?
For some of the QoS solutions (like local video CAC<https://www.cisco.com/c=
/en/us/td/docs/routers/asr9000/software/asr9k-r6-4/qos/configuration/guide/=
b-qos-cg-asr9000-64x/b-qos-cg-asr9000-64x_chapter_01010.html> with redirect=
), queue may be selected based on availability of bandwidth.
Also, section 4.6 talks about per-QoS-queue, per-path and per-core but sect=
ion 6 only mention multi-path and multi-core.
Describing more on QoS behavior will certainly help.
-thanks,
Aseem
From: Aseem Choudhary <achoudhary@aviatrix.com>
Date: Monday, August 14, 2023 at 10:55 AM
To: Paul Ponchon (pponchon) <pponchon@cisco.com>, draft-ponchon-ipsecme-ant=
i-replay-subspaces.authors@ietf.org <draft-ponchon-ipsecme-anti-replay-subs=
paces.authors@ietf.org>
Cc: ipsec@ietf.org <ipsec@ietf.org>
Subject: Re: Questions for draft-ponchon-ipsecme-anti-replay-subspaces
Thanks Paul, appreciate your response!
From: Paul Ponchon (pponchon) <pponchon@cisco.com>
Date: Monday, August 14, 2023 at 10:00 AM
To: Aseem Choudhary <achoudhary@aviatrix.com>, draft-ponchon-ipsecme-anti-r=
eplay-subspaces.authors@ietf.org <draft-ponchon-ipsecme-anti-replay-subspac=
es.authors@ietf.org>
Cc: ipsec@ietf.org <ipsec@ietf.org>
Subject: Re: Questions for draft-ponchon-ipsecme-anti-replay-subspaces
Hi Aseem,
Thanks for your questions.
1. Yes, you're correct there is still reordering potentially happening betw=
een the endpoints of the tunnel. However, the intention behind using the su=
bspace is to limit the potential reordering of packets at the tunnel endpoi=
nts. By assigning packets to specific subspaces based on factors such as CP=
U core or QoS, the aim is to manage and mitigate the reordering within each=
subspace, thereby improving the utilisation of multiple cores and QoS clas=
ses at the endpoint. The reordering happening in between the endpoint is le=
ss easily controllable and just like with using an SA today, would be handl=
ed by the replay window of each subspaces but they don=92t need to be very =
big.
2. At the moment, we are leaning towards not splitting the subspace for CPU=
and QoS, as this could introduce unnecessary complexity and overhead in ma=
intaining and managing unused subspaces. We however don=92t impose any cons=
traint on how to use the subspace IDs as long as they are between 0 and <ma=
x negotiated subspaces> - 1. We are actively exploring the best approach to=
distributing the subspaces between sender and receiver. Any insights or su=
ggestions from the community on this matter would be highly appreciated.
3. While we haven't implemented this solution with strongSwan, we are curre=
ntly working on an implementation for the IPsec stack of VPP. We have updat=
ed the latest version of the draft to reflect what we found during the impl=
ementation. While the main focus remains on defining a proper way to distri=
bute subspaces to maximise the performance and compatibility aspects in the=
open-source implementation.
Thank you for your feedback and questions. We appreciate your interest and =
welcome any additional input or insights you may have.
Paul
Aseem Choudhary <achoudhary@aviatrix.com> writes:
Hello Authors,
Thanks for writing the document. It is good work!
Few questions:
1. Looks like packet mapping to subspaces either for the CPU core or =
QoS or combination is tunnel source local decision. Since packet along the =
path can be marked/remarked reclassified, mapped to different queues, reord=
ering is still possible.
2. Since subspace is 16 bit, any plan/suggestion favor/against to spl=
it space for CPU and QoS?
3. Any implementation experience/plan with strongSwan?
-thanks,
Aseem
[Attachment #3 (text/html)]
<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Monaco;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-ligatures:none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1835488891;
mso-list-type:hybrid;
mso-list-template-ids:1387011280 67698703 67698713 67698715 67698703 67698713 \
67698715 67698703 67698713 67698715;} @list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Pierre,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks for the response! This \
solution simplifies quite a bit.<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt">I hope to see adoption call soon. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">-thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Aseem<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span lang="FR" \
style="font-size:12.0pt;color:black">From: </span></b><span lang="FR" \
style="font-size:12.0pt;color:black">Pierre Pfister (ppfister) \
<ppfister@cisco.com><br> <b>Date: </b>Monday, October 23, 2023 at 5:31 AM<br>
<b>To: </b>Aseem Choudhary <achoudhary@aviatrix.com>, Paul Ponchon (pponchon) \
<pponchon@cisco.com>, \
draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org \
<draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org><br> <b>Cc: \
</b>ipsec@ietf.org <ipsec@ietf.org><br> <b>Subject: </b>Re: Questions for \
draft-ponchon-ipsecme-anti-replay-subspaces<o:p></o:p></span></p> </div>
<p class="MsoNormal"><span style="font-size:11.0pt">Hello Aseem,</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt"> </span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal"><span style="font-size:11.0pt">Apologies for the late \
reply.</span><span lang="FR"><o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt"> </span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal"><span style="font-size:11.0pt">Section 4.2 doesn't really go in \
full details regarding subspace ID selection because it would really depend on the \
implementation. Some uses of the subspaces are for cases with many-cores, others for \
many-paths, other for QoS, or a combination of these. There could be one subspace \
allocated per core,path,qos combination, but that can end-up being a lot of \
subspaces. Implementations could use a reduced set of subspaces and distribute over \
them using round-robin, or hashing. We felt adding too much details there would \
unnecessarily complicate the standard with implementation-specific \
details.</span><span lang="FR"><o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt"> </span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal"><span style="font-size:11.0pt">In the particular case of QoS, you \
could for instance use one subspace per QoS class. The receiver would be able to \
process packets from different QoS classes out-of-order without causing any \
anti-replay detection failure.</span><span lang="FR"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt">Thanks</span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal"><span style="font-size:11.0pt"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt"> </span><span lang="FR"><o:p></o:p></span></p> <div \
id="mail-editor-reference-message-container"> <div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" \
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:35.4pt">
<b><span style="font-size:12.0pt;color:black">De : </span></b><span \
style="font-size:12.0pt;color:black">Aseem Choudhary \
<achoudhary@aviatrix.com><br> <b>Date : </b>vendredi, 6 octobre 2023 à \
23:10<br> <b>À : </b>Paul Ponchon (pponchon) <pponchon@cisco.com>, \
draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org \
<draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org><br> <b>Cc : \
</b>ipsec@ietf.org <ipsec@ietf.org><br> <b>Objet : </b>Re: Questions for \
draft-ponchon-ipsecme-anti-replay-subspaces</span><span \
lang="FR"><o:p></o:p></span></p> </div>
<p class="MsoNormal" style="margin-left:35.4pt"><span style="font-size:11.0pt">Hi \
Paul,</span><span lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:35.4pt"><span style="font-size:11.0pt"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:35.4pt"><span style="font-size:11.0pt">Further to this discussion, \
section 4.2 “Sender Behavior” doesn’t talk about how subspace ID will be calculated. \
Like, for QoS, how a unique subspace-id can be mapped to a queue-id with some of QoS \
pipeline (classification, shaping etc) procedures. I think section 4.2 should \
describe it a bit. But, if not in section 4.2, can it be described in section 6 and \
for the Implementation, in some more details in section 6.2?</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:35.4pt"><span style="font-size:11.0pt">For some of the QoS \
solutions (like local </span><a \
href="https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-4/qos/co \
nfiguration/guide/b-qos-cg-asr9000-64x/b-qos-cg-asr9000-64x_chapter_01010.html"><span \
style="font-size:11.0pt">video CAC</span></a><span style="font-size:11.0pt"> with \
redirect), queue may be selected based on availability of bandwidth.</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:35.4pt"><span style="font-size:11.0pt"> </span><span \
lang="FR"><o:p></o:p></span></p> <pre \
style="margin-left:35.4pt;background:white"><span \
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Also, \
section 4.6 talks about </span><span \
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#212529">per-QoS-queue, \
per-path and per-core but section 6 only mention multi-path and multi-core. \
</span><span lang="FR"><o:p></o:p></span></pre> <pre \
style="margin-left:35.4pt;background:white"><span \
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#212529">Describing \
more on QoS behavior will certainly help.</span><span \
lang="FR"><o:p></o:p></span></pre> <pre \
style="margin-left:35.4pt;background:white"><span \
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#212529"> </span><span \
lang="FR"><o:p></o:p></span></pre> <pre \
style="margin-left:35.4pt;background:white"><span \
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#212529">-thanks,</span><span \
lang="FR"><o:p></o:p></span></pre> <pre \
style="margin-left:35.4pt;background:white"><span \
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#212529">Aseem</span><span \
lang="FR"><o:p></o:p></span></pre> <p class="MsoNormal" \
style="margin-left:35.4pt"><span style="font-size:11.0pt"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:35.4pt"><span style="font-size:11.0pt"> </span><span \
lang="FR"><o:p></o:p></span></p> <div style="border:none;border-top:solid #B5C4DF \
1.0pt;padding:3.0pt 0in 0in 0in"> <p class="MsoNormal" \
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:35.4pt">
<b><span style="font-size:12.0pt;color:black">From: </span></b><span \
style="font-size:12.0pt;color:black">Aseem Choudhary \
<achoudhary@aviatrix.com><br> <b>Date: </b>Monday, August 14, 2023 at 10:55 \
AM<br> <b>To: </b>Paul Ponchon (pponchon) <pponchon@cisco.com>, \
draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org \
<draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org><br> <b>Cc: \
</b>ipsec@ietf.org <ipsec@ietf.org><br> <b>Subject: </b>Re: Questions for \
draft-ponchon-ipsecme-anti-replay-subspaces</span><span \
lang="FR"><o:p></o:p></span></p> </div>
<p class="MsoNormal" style="margin-left:35.4pt"><span style="font-size:11.0pt">Thanks \
Paul, appreciate your response! </span><span lang="FR"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span \
style="font-size:11.0pt"> </span><span lang="FR"><o:p></o:p></span></p> <div \
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"> <p \
class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:35.4pt">
<b><span style="font-size:12.0pt;color:black">From: </span></b><span \
style="font-size:12.0pt;color:black">Paul Ponchon (pponchon) \
<pponchon@cisco.com><br> <b>Date: </b>Monday, August 14, 2023 at 10:00 AM<br>
<b>To: </b>Aseem Choudhary <achoudhary@aviatrix.com>, \
draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org \
<draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org><br> <b>Cc: \
</b>ipsec@ietf.org <ipsec@ietf.org><br> <b>Subject: </b>Re: Questions for \
draft-ponchon-ipsecme-anti-replay-subspaces</span><span \
lang="FR"><o:p></o:p></span></p> </div>
<p class="MsoNormal" style="margin-left:35.4pt"><span \
style="font-size:11.0pt"> </span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">Hi Aseem,</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">Thanks for your \
questions.</span><span lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">1. Yes, you're \
correct there is still reordering potentially happening between the endpoints of the \
tunnel. However, the intention behind using the subspace is to limit the potential \
reordering of packets at the tunnel endpoints. By assigning packets to specific \
subspaces based on factors such as CPU core or QoS, the aim is to manage and mitigate \
the reordering within each subspace, thereby improving the utilisation of multiple \
cores and QoS classes at the endpoint. The reordering happening in between the \
endpoint is less easily controllable and just like with using an SA today, would be \
handled by the replay window of each subspaces but they don’t need to be very \
big.</span><span lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">2. At the moment, we \
are leaning towards not splitting the subspace for CPU and QoS, as this could \
introduce unnecessary complexity and overhead in maintaining and managing unused \
subspaces. We however don’t impose any constraint on how to use the subspace IDs as \
long as they are between 0 and <max negotiated subspaces> - 1. We are actively \
exploring the best approach to distributing the subspaces between sender and \
receiver. Any insights or suggestions from the community on this matter would be \
highly appreciated.</span><span lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">3. While we haven't \
implemented this solution with strongSwan, we are currently working on an \
implementation for the IPsec stack of VPP. We have updated the latest version of the \
draft to reflect what we found during the implementation. While the main focus \
remains on defining a proper way to distribute subspaces to maximise the performance \
and compatibility aspects in the open-source implementation.</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">Thank you for your \
feedback and questions. We appreciate your interest and welcome any additional input \
or insights you may have.</span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:3.0pt;margin-right:0in;margin-bottom:3.0pt;margin-left:35.4pt">
<span lang="FR" style="font-size:9.0pt;font-family:Monaco;color:#1D1C1D">Paul</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:35.4pt"><span style="font-size:11.0pt"> </span><span \
lang="FR"><o:p></o:p></span></p> <div id="mail-editor-reference-message-container">
<div>
<div>
<p class="MsoNormal" style="margin-left:71.4pt"><span style="font-size:11.0pt">Aseem \
Choudhary <achoudhary@aviatrix.com> writes:</span><span \
lang="FR"><o:p></o:p></span></p> </div>
<p class="MsoNormal" style="margin-left:71.4pt"><span \
style="font-size:11.0pt"> </span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal" style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">Hello Authors,</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">Thanks for writing the \
document. It is good work!</span><span lang="FR"><o:p></o:p></span></p> <p \
class="MsoNormal" style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">Few questions:</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoListParagraph" \
style="margin-left:107.4pt;text-indent:-.25in;mso-list:l0 level1 lfo2"> <![if \
!supportLists]><span lang="FR"><span style="mso-list:Ignore">1.<span \
style="font:7.0pt "Times New Roman""> \
</span></span></span><![endif]><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">Looks like packet mapping \
to subspaces either for the CPU core or QoS or combination is tunnel source local \
decision. Since packet along the path can be marked/remarked reclassified, mapped to \
different queues, reordering is still possible. </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoListParagraph" \
style="margin-left:107.4pt;text-indent:-.25in;mso-list:l0 level1 lfo2"> <![if \
!supportLists]><span lang="FR"><span style="mso-list:Ignore">2.<span \
style="font:7.0pt "Times New Roman""> \
</span></span></span><![endif]><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">Since subspace is 16 bit, \
any plan/suggestion favor/against to split space for CPU and QoS?</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoListParagraph" \
style="margin-left:107.4pt;text-indent:-.25in;mso-list:l0 level1 lfo2"> <![if \
!supportLists]><span lang="FR"><span style="mso-list:Ignore">3.<span \
style="font:7.0pt "Times New Roman""> \
</span></span></span><![endif]><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">Any implementation \
experience/plan with strongSwan?</span><span lang="FR"><o:p></o:p></span></p> \
<p class="MsoNormal" style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual"> </span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">-thanks,</span><span \
lang="FR"><o:p></o:p></span></p> <p class="MsoNormal" \
style="margin-left:71.4pt"><span \
style="font-size:11.0pt;mso-ligatures:standardcontextual">Aseem</span><span \
lang="FR"><o:p></o:p></span></p> </div>
</div>
</div>
</div>
</div>
</body>
</html>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
--===============5909391668493569596==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic