 In your previous mail you wrote:

   In case we do QOS re-ordering (caused due to shaping & queueing) for
   traffic classes after encryption, the encrypted pkts get re-ordered,
   thus changing the order of sequence numbers. At the receiving end, such
   out-of-order pkts are dropped by IPsec since they do not fall under the
   anti-replay window range. Is there any proposed solution/draft which
   caters to this problem? If yes, it would be great if someone can point
   me to it.

=> this issue is well known in the IPsec community but:
 - after encryption there should be no reason to classify (then reorder)
   packets in different ways
 - before encryption you can set up with IKEv2 different SAs between the
   same end-points and then apply different QoS.
In both cases the anti-replay window should not drop "old packets" from
QoS reordering.

Regards

francis.dup...@fdupont.fr
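
The drop described in the quoted question, next to the separate-SAs-per-class setup from the reply, as an added example that is not part of the original mail or of any IPsec implementation. The 64-packet window, the 3:1 voice/bulk mix and the shaper that releases all voice packets before any bulk packet are constructed assumptions.

```python
class AntiReplayWindow:
    """Receiver-side sliding bitmap window for one SA (illustrative)."""
    def __init__(self, size=64):          # size: assumed window width
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        """True if seq is new and inside or ahead of the window."""
        if seq > self.top:                # ahead: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:           # behind the window: dropped as too old
            return False
        if self.bitmap >> offset & 1:     # already seen: dropped as replay
            return False
        self.bitmap |= 1 << offset
        return True


def simulate(n, per_class_sa, size=64):
    """Send n constructed packets; return how many the receiver drops."""
    counters, pkts = {}, []
    for i in range(1, n + 1):
        cls = "bulk" if i % 4 == 0 else "voice"   # constructed 3:1 mix
        sa = cls if per_class_sa else "shared"    # one SA per class, or one SA
        counters[sa] = counters.get(sa, 0) + 1    # per-SA sequence number
        pkts.append((cls, sa, counters[sa]))
    # Constructed shaper acting after encryption: voice leaves first.
    wire = [p for p in pkts if p[0] == "voice"] + \
           [p for p in pkts if p[0] == "bulk"]
    windows, dropped = {}, 0
    for _cls, sa, seq in wire:
        if sa not in windows:
            windows[sa] = AntiReplayWindow(size)
        if not windows[sa].accept(seq):
            dropped += 1
    return dropped


if __name__ == "__main__":
    print("shared SA, dropped:", simulate(400, per_class_sa=False))
    print("per-class SAs, dropped:", simulate(400, per_class_sa=True))
```

With one shared SA the delayed bulk packets arrive behind the window and are dropped; with one SA per class each sequence space stays in order on the wire and nothing is dropped.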