Tero Kivinen <kivi...@iki.fi> wrote:
> Michael Richardson writes:
>> For a given IPsec SA, they want to overwrite/force/set the DSCP to a
>> particular value. It will not depend upon the traffic goes into it
>> (but, the SPD selectors may quite specificly pick the traffic).
> If I think RFC4301 already requires that. I.e. it requires
> implementations to be able to map DSCP values to suitable value. If
> the sender knows how to pick up suitable DSCP values and they are then
> tunneled through the IPsec tunnel, then the receiving GW can use those
> to map those values to the suitable values for the other domain.
Yes, I did quote the part of 4301 that mandates that it be settable.
> I am missing how does the trasmitting this information from SGW to SGW
> affect the IPsec processing? I do not think we should use IKE as
> transmitting all kind of stuff that other end might be interested in.
It does not affect any processing. Who said that it did?
The question is, how does the UE know what DSCP to put on the ESP packet?
Yes, it could come from another protocol, but which? IKE already did the
authentication, and so already established what entity is asking for service.
One might statically configure things, but if the UE moves around the exact
DSCP might change.
As David Black pointed out, there might be Diffserv boundaries. In that
case, the UE has to put the DSCP appropriate for the network the UE is
attached to, and for things to work, there either has to be DSCP rewriting
occuring at the diffserv boundary. But, all that matters is that the UE put
the DSCP in, the network takes care of the rest.h
The gateway might know where the diffserv boundaries are by special
knowledge, but there is no reason to need to tell the UE about it.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
pgp0bitwXOlPT.pgp
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
