
RE: Flow label and its uses



Hi Gunter,

Let me answer you, if I understand the questions you raise correctly.

Currently Load Balancing could be done based on the 5-tuple fields in
the packet. However in case the fields are not available we could fall
to some default criteria. With the flow-label present, we could instead
use the Source-IP, Destination-IP and the flow label. These would be
present in all IP packets.

I agree flow-label should be used as an identifier for a flow (as the
name suggests).

Thanks,
Vishwas

-----Original Message-----
From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On
Behalf Of Gunter Van de Velde (gvandeve)
Sent: Saturday, January 21, 2006 5:22 PM
To: v6ops@ops.ietf.org
Subject: RE: Flow label and its uses

So in an ideal world where everything behind the IPSec header is
encrypted (if that ever would be the case) .... then how to do
load-balancing as Brian suggests? Maybe the flow-label needs
to be *just* an identifier without further meaning? In that
case it does make sense that it's unchanged between end-2-end.

I don't see why it has to be an extension to DSCP? DSCP provides
a mechanism to give an indication how the traffic would like to be
treated while flow label could give an indication of flow without
knowing the upper layer details. These are different operations I think.

G/

At 00:54 21/01/2006 -0800, Vishwas Manral wrote:
>Brian,
>
>That is exactly what I am trying to say too. For cases where we need to
>do deep packet inspection, if we could guarantee the flow label is not
>mutable etc it could be used. Examples of which could be IPsec, though
>it is not currently done that way.
>
>Regarding Alain Durand's question, I agree the field is just as mutable
>as the DSCP field or any other field in the outer header. Currently in
>IPsec to identify an outgoing SA we could use the protocol as well as
>port numbers (an SA for an application) and in a few cases we may not
>have all the inner header information. Having a flow Label helps in this
>case.
>
>We could have protected it using AH. However for backward compatibility
>reasons this is not done (as has been pointed out earlier by Fred).
>
>Using flow label could make the work of on-path devices which do deeper
>packet inspection in some cases easier.
>
>Thanks,
>Vishwas
>-----Original Message-----
>From: Brian E Carpenter [mailto:brc@zurich.ibm.com]
>Sent: Friday, January 20, 2006 6:00 PM
>To: Vishwas Manral
>Cc: Pekka Savola; Bora Akyol; Fred Baker; v6ops@ops.ietf.org
>Subject: Re: Flow label and its uses
>
>Vishwas Manral wrote:
> >...  I am sure things like load balancing which require
> > deeper packet inspection can also be done.
>
>The whole point is that you will not need deep packet inspection
>if the flow label is set by the source.
>
>     Brian
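
Added example, not part of the original thread and not written by any participant: the hash-key choice discussed above, using the 5-tuple when TCP/UDP ports are readable and falling back to source address, destination address and flow label when they are not (for instance behind ESP). The function names, the SHA-256 hash and the sample packets are assumptions constructed for illustration; extension headers are not parsed.

```python
import hashlib
import ipaddress
import struct

TCP, UDP, ESP = 6, 17, 50  # IANA protocol numbers

def build_ipv6(src, dst, flow_label, next_header, payload):
    """Build a constructed IPv6 packet: fixed 40-byte header plus payload."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)  # version 6, traffic class 0
    return (struct.pack("!IHBB", first_word, len(payload), next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def flow_key(packet):
    """Return the tuple a load balancer would hash for this packet."""
    first_word, _plen, next_header, _hops = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    flow_label = first_word & 0xFFFFF  # low 20 bits of the first 32-bit word
    src, dst = packet[8:24], packet[24:40]
    if next_header in (TCP, UDP) and len(packet) >= 44:
        sport, dport = struct.unpack("!HH", packet[40:44])
        return ("5-tuple", src, dst, next_header, sport, dport)
    # Ports are encrypted or absent (e.g. ESP): use fields present in every packet.
    return ("3-tuple", src, dst, flow_label)

def pick_link(packet, n_links):
    """Map the flow key onto one of n_links equal-cost paths."""
    digest = hashlib.sha256(repr(flow_key(packet)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_links

# Constructed samples: two ESP flows and one TCP flow between the same hosts.
HOSTS = ("2001:db8::1", "2001:db8::2")
ESP_A1 = build_ipv6(*HOSTS, 0x12345, ESP, b"\x00" * 16)
ESP_A2 = build_ipv6(*HOSTS, 0x12345, ESP, b"\xff" * 16)  # same flow, new payload
ESP_B = build_ipv6(*HOSTS, 0x54321, ESP, b"\x00" * 16)   # different flow label
TCP_PKT = build_ipv6(*HOSTS, 0, TCP, struct.pack("!HH", 49152, 443) + b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in [("ESP_A1", ESP_A1), ("ESP_A2", ESP_A2),
                      ("ESP_B", ESP_B), ("TCP_PKT", TCP_PKT)]:
        print(name, flow_key(pkt)[0], "-> link", pick_link(pkt, 4))
```

As the thread notes, the flow label is not covered by AH and is as mutable as any other outer-header field, so a device using it this way should treat it as a distribution hint rather than an authenticated identifier.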