RE: Flow label and its uses

["Vishwas Manral" <Vishwas@sinett.com>]

Brian,

That is exactly what I am trying to say too. For cases where we need to
do deep packet inspection, if we could guarantee the flow label is not
mutable etc it could be used. Examples of which could be IPsec, though
it is not currently done that way.

Regarding Alain Durand's question, I agree the field is just as mutable
as the DSCP field or any other field in the outer header. Currently in
IPsec to identify an outgoing SA we could use the protocol as well as
port numbers (an SA for an application) and in a few cases we may not
have all the inner header information. Having a flow Label helps in this
case.

We could have protected it using AH. However for backward compatibility
reasons this is not done (as has been pointed out earlier by Fred).

Using flow label could make the work of on-path devices which do deeper
packet inspection in some cases easier.

Thanks,
Vishwas
-----Original Message-----
From: Brian E Carpenter [mailto:brc@zurich.ibm.com] 
Sent: Friday, January 20, 2006 6:00 PM
To: Vishwas Manral
Cc: Pekka Savola; Bora Akyol; Fred Baker; v6ops@ops.ietf.org
Subject: Re: Flow label and its uses

Vishwas Manral wrote:
>...  I am sure things like load balancing which require
> deeper packet inspection can also be done.

The whole point is that you will not need deep packet inspection
if the flow label is set by the source.

    Brian