
Re: Flow label and its uses



You're missing nothing. It's intrinsically forgeable. That is a limit
on the useful use cases.

See section 5.1 of RFC 3697.

   Brian

Durand, Alain wrote:
There is something I never understood about the flow label... In the case someone wants to use it when deep packet inspection is not possible because of IPsec encryption, how can one trust it as this field is NOT protected by IPsec?

What am I missing?

   - Alain.


-----Original Message-----
From: owner-v6ops@ops.ietf.org
To: Brian E Carpenter; Pekka Savola
CC: Bora Akyol; Fred Baker; v6ops@ops.ietf.org
Sent: Fri Jan 20 01:48:53 2006
Subject: RE: Flow label and its uses

Hi,

I agree flow-label if used as a direct one-to-one mapping to a flow
(protocol/ ports) can be of use.
Especially in cases where the upper layer header cannot be derived -
encrypted input, fragments etc and the end-to-end nature of flow label
is there.
This could be used as a selector instead of creating a new SA instead of
OPAQUE for the IPsec RFC4301 case. Changes would be required for RFC4306
for the same too. I am sure things like load balancing which require
deeper packet inspection can also be done.

Thanks,
Vishwas
-----Original Message-----
From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On
Behalf Of Brian E Carpenter
Sent: Thursday, January 19, 2006 7:52 PM
To: Pekka Savola
Cc: Bora Akyol; Fred Baker; v6ops@ops.ietf.org
Subject: Re: Flow label and its uses

Pekka Savola wrote:

Hi,

On Wed, 18 Jan 2006, Bora Akyol wrote:


From a switching hardware perspective, it would be nice
to either define the use of this field as --endpoint only--
or label it "Reserved."

There has been significant time since RFC3697 and the lack
of applications may indicate that this field (with
the exception of NIMROD) may not have a use at all.


I've been watching this discussion with mild puzzlement.

There is (basically) nothing that the routers need to do with the flow
label. Whatever they might end up doing with it would likely mostly
fall under the control plane, so it doesn't need to be put in the
hardware.

No, that's wrong if it gets used in line speed QOS classifiers. That's
what I'd expect in load balancing.

    Brian

So what's the problem? Do you want to try to reuse the "basically
unused 20 bits" for some local purposes? That's not going to be
allowed.
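
Added example, not part of the thread and not written by any of its participants: a Python sketch of why a receiver cannot trust the flow label even when IPsec AH is in use. RFC 4302 lists the flow label among the mutable IPv6 header fields that are zeroed before the integrity check value (ICV) is computed, so a label rewritten in transit still verifies. The key, addresses, payload and the `simplified_icv` helper are constructed for illustration; a real ICV also covers the AH header and any extension headers.

```python
import hashlib
import hmac
import ipaddress
import struct

def build_ipv6_header(flow_label, src, dst, payload_len, next_header=51, hop_limit=64):
    """Pack the fixed 40-byte IPv6 header; traffic class is left at 0."""
    if not 0 <= flow_label < (1 << 20):
        raise ValueError("flow label is a 20-bit field")
    first_word = (6 << 28) | flow_label
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def get_flow_label(header):
    return struct.unpack("!I", header[:4])[0] & 0xFFFFF

def set_flow_label(header, flow_label):
    """Copy of the header with the 20-bit label rewritten, as can happen in transit."""
    first_word = struct.unpack("!I", header[:4])[0] & 0xFFF00000
    return struct.pack("!I", first_word | (flow_label & 0xFFFFF)) + header[4:]

def ah_icv_input(header):
    """Header as fed to the AH integrity check: traffic class, flow label
    and hop limit (the mutable fields per RFC 4302) are zeroed."""
    if len(header) != 40:
        raise ValueError("expected the 40-byte fixed IPv6 header")
    version_only = struct.unpack("!I", header[:4])[0] & 0xF0000000
    return struct.pack("!I", version_only) + header[4:7] + b"\x00" + header[8:]

def simplified_icv(key, header, payload):
    """Hypothetical stand-in for the AH ICV: HMAC-SHA-256 over the masked
    fixed header plus payload (the AH header itself is omitted here)."""
    return hmac.new(key, ah_icv_input(header) + payload, hashlib.sha256).digest()

# Constructed sample data (documentation prefix 2001:db8::/32).
KEY = b"constructed-demo-key"
PAYLOAD = b"constructed upper-layer bytes"
ORIGINAL = build_ipv6_header(0x12345, "2001:db8::1", "2001:db8::2", len(PAYLOAD))
RELABELLED = set_flow_label(ORIGINAL, 0xABCDE)
RESOURCED = ORIGINAL[:8] + ipaddress.IPv6Address("2001:db8::3").packed + ORIGINAL[24:]

if __name__ == "__main__":
    base = simplified_icv(KEY, ORIGINAL, PAYLOAD)
    print("label on the wire:", hex(get_flow_label(RELABELLED)))
    print("ICV unchanged after relabel:", base == simplified_icv(KEY, RELABELLED, PAYLOAD))
    print("ICV unchanged after source rewrite:", base == simplified_icv(KEY, RESOURCED, PAYLOAD))
```

With ESP the situation is the same for a different reason: the IP header carrying the flow label lies outside the region ESP authenticates.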