[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Flow label and its uses

So in an ideal world where everything behind the IPSec header is
encrypted (if that ever would be the case) .... then how to do
load-balancing as Brian suggest? Maybe the flow-label needs
to be *just* an identifier without further meaning? In that
case it does make sense that its unchanged between end-2-end.

I don't see why it has to be an extension to DSCP? DSCP provides
a mechanism to give an indication how the traffic would like to be treated
while flow label could give an indication of flow without knowing the upper
layer details. These are different operations i think.

G/



At 00:54 21/01/2006 -0800, Vishwas Manral wrote:

Brian,

That is exactly what I am trying to say too. For cases where we need to
do deep packet inspection, if we could guarantee the flow label is not
mutable etc it could be used. Examples of which could be IPsec, though
it is not currently done that way.

Regarding Alain Durand's question, I agree the field is just as mutable
as the DSCP field or any other field in the outer header. Currently in
IPsec to identify an outgoing SA we could use the protocol as well as
port numbers (an SA for an application) and in a few cases we may not
have all the inner header information. Having a flow Label helps in this
case.

We could have protected it using AH. However for backward compatibility
reasons this is not done (as has been pointed out earlier by Fred).

Using flow label could make the work of on-path devices which do deeper
packet inspection in some cases easier.

Thanks,
Vishwas
-----Original Message-----
From: Brian E Carpenter [mailto:brc@zurich.ibm.com]
Sent: Friday, January 20, 2006 6:00 PM
To: Vishwas Manral
Cc: Pekka Savola; Bora Akyol; Fred Baker; v6ops@ops.ietf.org
Subject: Re: Flow label and its uses

Vishwas Manral wrote:
>...  I am sure things like load balancing which require
> deeper packet inspection can also be done.

The whole point is that you will not need deep packet inspection
if the flow label is set by the source.

    Brian