Presentation is loading. Please wait.

Presentation is loading. Please wait.

<draft-lefaucheur-rsvp-ipsec-01

Published byLindsey Glenn Modified over 6 years ago

Similar presentations

Presentation on theme: "<draft-lefaucheur-rsvp-ipsec-01"— Presentation transcript:

1 <draft-lefaucheur-rsvp-ipsec-01
<draft-lefaucheur-rsvp-ipsec-01.txt> Generic Aggregate RSVP Reservations Francois Le Faucheur - F. Le Faucheur, B. Davie Cisco Systems M. Davenport C. Christou Booz Allen Consulting P. Bose Lockheed Martin draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

2 Need for Aggregate Reservations (in Diffserv cloud) for IPsec tunnels
Use Case: Nested VPN (draft-baker-tsvwg-vpn-signaled-preemption-03.txt “QoS Signalling in a Nested VPN”) P1 IPsec VPN Routers R1 R2 R4 P2 Intserv/Diffserv Cloud R7 IPsec tunnel Need for Aggregate Reservations (in Diffserv cloud) for IPsec tunnels R3 R5 End-to-end RSVP reservation R6 IPsec VPNs, with need for end-to-end RSVP reservations:  e2E reservations must be hidden/aggregated over IPsec tunnels  resources must be reserved (by RSVP) in the Diffserv Cloud for traffic carried over a given IPsec tunnel (eg for Voice traffic, for Video traffic) draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

3 Use Case: Parallel Aggregate RSVP Reservations
RSVP Aggregators R1 R2 R4 P2 Agg RSVP Resa : Voice/EF + High Preemption Intserv/Diffserv Cloud R7 End-to-end RSVP reservation + High Prempt R3 R5 R6 Agg RSVP Resa : Voice/EF + Low Preemption Need for Parallel Aggregate Reservations End-to-end RSVP reservation + Low Preempt Aggregation as per RFC3175 Need for Multiple Aggregate reservations for a given <Aggregator, Deaggregator, DSCP> tuple draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

4 Proposed Extensions: AGGREGATE/GPI Session
| IPv4 Session Address (4 bytes) | | /////////// | Flags | ///////// | DSCP | RFC3175 Aggregate-IPv4 Session RFC2207 IPv4/GPI Session | IPv4 DestAddress (4 bytes) | | Protocol ID | Flags | vDstPort | | IPv4 DestAddress (4 bytes) | | Protocol ID | Flags | vDstPort | DSCP | Proposed Aggregate/GPI Session = Union (RFC3175 Session, RFC2207 Session) draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

5 Changes 0001 Broadening of the applicability of the new type of aggregate reservations beyond use for Aggregate reservations for IPsec tunnels (ie to environments where IPsec is not used – as per 2nd Use Case): document renamed to "Generic Aggregate RSVP Reservations“ added a subsection in Introduction to discuss a case where Generic Aggregate RSVP Reservations are needed in non IPsec environments added text about the fact that the Generic Aggregate Reservations can be used with IP-in-IP and GRE encapsulation (in addition to with IPsec AH and ESP) added example usage under Section 5 for environment where IPsec is not used draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

6 Changes 0001 The other significant changes are:
added a subsection describing the changes to the [RSVP-AGG] procedures under Section 4 added explanation about allocation of VDstPort values by Deaggregator, in that same subsection added value of Protocol ID in all example generic aggregate reservations in Section 5 Clarifications on granularity of policing in section 4.1 draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

7 Open Items Aggregator/Deaggregator behavior:
Clarifying text needed: Aggregator responsible for deciding/maintaining necessary Security Associations with Deaggregator Deaggregator responsible for requesting establishment of new aggregate reservation and for mapping of end-to-end reservation onto aggregate reservation handling dynamic SPI/Security_Association updates: Text currently in security section need to be moved to main body draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

8 Next Steps Get more feed-back Accept as TSVWG Working Group document
draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

9 Backup Slides draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

10 Relationship to existing RFCs?
RFC2207: “RSVP Extensions for IPSEC Data Flows”: Allows reservations for individual IPsec flows. BUT does NOT address aggregate reservations between IPsec devices with Diffserv classif/scheduling RFC3175: “Aggregation of RSVP for IPv4 and IPv6 Reservations”: Supports Aggregate reservations with Diffserv classif/scheduling. BUT does NOT support IPsec betw Aggregator and Deaggregator Does not allow multiple reservations with same DSCP This draft: Supports (multiple) Aggregate Reservations based on Diffserv classif/scheduling AND supports IPsec betw Aggregator and Deaggregator draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

11 What’s missing in RFC3175 ? o IP4 SESSION object: Class = SESSION, C-Type = RSVP-AGGREGATE-IP | IPv4 Session Address (4 bytes) | | /////////// | Flags | ///////// | DSCP | o IP4 SENDER_TEMPLATE object: Class = SENDER_TEMPLATE, C-Type = RSVP-AGGREGATE-IP | IPv4 Aggregator Address (4 bytes) | Not possible to associate reservation with IPsec tunnel (eg SPI) Not possible to setup multiple reservations for same DSCP (eg for multiple preemptions) draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

12 What’s missing in RFC2207 ? o IPv4/GPI SESSION object: Class = 1, C-Type = | IPv4 DestAddress (4 bytes) | | Protocol ID | Flags | vDstPort | o IPv4/GPI FILTER_SPEC object: Class = 10, C-Type = | IPv4 SrcAddress (4 bytes) | | Generalized Port Identifier (GPI) | Not possible to associate the reservation with a DSCP (RFC2207 assumes per-flow mode) draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

13 For completeness: What’s missing in RFC2746 ?
RFC2746: “RSVP Operations over IP Tunnels” “Type 2 Tunnel” is similar in the sense that a single reservation is made for the tunnel while many individual flows are carried over the tunnel, BUT Does not address case where flows are encrypted (and does not allow identification of traffic via SPI) Does not address case of Diffserv classification/scheduling (which is why RFC3175 was developed in the first place) draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

14 Proposed Extensions: AGGREGATION-SESSION Object
New-Aggregate-Needed Incl Aggregation-Session R1 R2 R4 P2 IPsec tunnel Intserv/Diffserv Cloud R7 Aggregate reservation For IPsec tunnel R3 R5 End-to-end RSVP reservation R6 Like in RFC3175, Deaggregator can send to Aggregator an 2e2 PathError with “New-Aggregate-Needed” Error, to request Aggregator to establish a new Aggregate reservation New “AGGREGRATION SESSION” object included, which contains the Session Object of required Session (including DSCP, VDstPort,..) Also used in e2e Resv, to communicate to Deaggregator the Aggregate session to map e2e reservation onto draft-lefaucheur-rsvp-ipsec-01.txt IETF 63

Download ppt "<draft-lefaucheur-rsvp-ipsec-01"

Similar presentations

1 IETF 74, 30 Jul 2009draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt Applicability of Keying Methods for RSVP security draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt.

1 IETF 74, 30 Jul 2009draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt Applicability of Keying Methods for RSVP security draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt.
Philip Eardley, Bob Briscoe, Dave Songhurst - BT Francois Le Faucheur, Anna Charny, Vassilis Liatsos – Cisco Kwok-Ho Chan, Joe Babiarz, Stephen Dudley.

Philip Eardley, Bob Briscoe, Dave Songhurst - BT Francois Le Faucheur, Anna Charny, Vassilis Liatsos – Cisco Kwok-Ho Chan, Joe Babiarz, Stephen Dudley.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—8-1 MPLS TE Overview Understanding MPLS TE Components.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—8-1 MPLS TE Overview Understanding MPLS TE Components.
TSVWG #1 IETF-92 (Dallas) 24 th March 2015 Gorry Fairhurst David Black WG chairs.

TSVWG #1 IETF-92 (Dallas) 24 th March 2015 Gorry Fairhurst David Black WG chairs.
NSIS Operation Over IP Tunnels draft-shen-nsis-tunnel-00.txt Charles Shen, Henning Schulzrinne Sung-Hyuck Lee, Jong Ho Bang IETF#63 – Paris, France August.

NSIS Operation Over IP Tunnels draft-shen-nsis-tunnel-00.txt Charles Shen, Henning Schulzrinne Sung-Hyuck Lee, Jong Ho Bang IETF#63 – Paris, France August.
CS 672 1 Summer 2003 Lecture 9. CS 672 2 Summer 2003 FILTERSPEC Object FILTERSPEC Object defines filters for selecting a subset of data packets in a session.

CS Summer 2003 Lecture 9. CS Summer 2003 FILTERSPEC Object FILTERSPEC Object defines filters for selecting a subset of data packets in a session.
Integrated Services (RFC 1633) r Architecture for providing QoS guarantees to individual application sessions r Call setup: a session requiring QoS guarantees.

Integrated Services (RFC 1633) r Architecture for providing QoS guarantees to individual application sessions r Call setup: a session requiring QoS guarantees.
© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 3: Introduction to IP QoS.

© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 3: Introduction to IP QoS.
Page 1 NAT & VPN Lecture 8 Hassan Shuja 05/02/2006.

Page 1 NAT & VPN Lecture 8 Hassan Shuja 05/02/2006.
Draft-tarapore-mbone- multicast-cdni-05 Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram Krishnan, Brocade.

Draft-tarapore-mbone- multicast-cdni-05 Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram Krishnan, Brocade.
© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 4: Implement the DiffServ QoS Model.

© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 4: Implement the DiffServ QoS Model.
QoS NSLP draft-ietf-nsis-qos-nslp-06.txt Slides: Sven van den Bosch, Georgios Karagiannis, Andrew McDonald.

QoS NSLP draft-ietf-nsis-qos-nslp-06.txt Slides: Sven van den Bosch, Georgios Karagiannis, Andrew McDonald.
RSVP Resource Sharing Remote Identification Association draft-ietf-ccamp-rsvp-resource-sharing-00 Francois Le Faucheur Ashok Narayanan Subha Dhesikan IETF.

RSVP Resource Sharing Remote Identification Association draft-ietf-ccamp-rsvp-resource-sharing-00 Francois Le Faucheur Ashok Narayanan Subha Dhesikan IETF.
IPsec. 18.1 Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
TSVWG IETF-68 James Polk Lars Eggert Magnus Westerlund.

TSVWG IETF-68 James Polk Lars Eggert Magnus Westerlund.
TSVWG IETF-76 (Hiroshima) James Polk Gorry Fairhurst With an assist for this meeting from **Magnus Westerlund**

TSVWG IETF-76 (Hiroshima) James Polk Gorry Fairhurst With an assist for this meeting from **Magnus Westerlund**
MLPP Update Fred Baker/James Polk. Drafts in question draft-ietf-tsvwg-mlef-concerns-00.txt draft-ietf-tsvwg-mlpp-that-works-00.txt draft-ietf-tsvwg-rsvp-bw-reduction-00.txt.

MLPP Update Fred Baker/James Polk. Drafts in question draft-ietf-tsvwg-mlef-concerns-00.txt draft-ietf-tsvwg-mlpp-that-works-00.txt draft-ietf-tsvwg-rsvp-bw-reduction-00.txt.
ACHIEVING MULTIMEDIA QOS OVER HYBRID IP/PSTN INFRASTRUCTURES QOS Signalling and Media Gateway Control ITU-T SG13/SG16 Workshop on IP Networking and Mediacom.

ACHIEVING MULTIMEDIA QOS OVER HYBRID IP/PSTN INFRASTRUCTURES QOS Signalling and Media Gateway Control ITU-T SG13/SG16 Workshop on IP Networking and Mediacom.
1 IETF66/TSVWG: RSVP Extensions for Emergency draft-lefaucheur-emergency-rsvp-02.txt RSVP Extensions for Emergency Services Francois Le Faucheur -

1 IETF66/TSVWG: RSVP Extensions for Emergency draft-lefaucheur-emergency-rsvp-02.txt RSVP Extensions for Emergency Services Francois Le Faucheur -
Generic Aggregation of Resource Reservation Protocol (RSVP) for IPv4 and IPv6 Reservation over PCN domains Georgios Karagiannis, Anurag Bhargava draft-ietf-tsvwg-rsvp-pcn-01.

Generic Aggregation of Resource Reservation Protocol (RSVP) for IPv4 and IPv6 Reservation over PCN domains Georgios Karagiannis, Anurag Bhargava draft-ietf-tsvwg-rsvp-pcn-01.

Similar presentations

Ads by Google