Re: [IPsec] Lars Eggert's Discuss on draft-ietf-ipsecme-iptfs-14: (with DISCUSS and COMMENT)

Thu, 08 Sep 2022 06:39:27 -0700 


Hi Lars [and Zahed]

Lars, these remaining 2 DISCUSS changes (below) that you indicated you were OK 
with are now in the latest published draft. Can you clear your DISCUSS?

Zahed, your DISCUSS was waiting for the new ECN text as well, can you also 
clear your DISCUSS too?

Lars Eggert <l...@eggert.org> writes:


Hi,

On 2022-8-25, at 20:29, Christian Hopps <cho...@chopps.org> wrote:


 [[RFC3168]] and [[RFC4301]], updated by [[RFC6040]] defines behaviors for 
marking
 the outer ECN field value based on the ECN field of the inner packet.
 As AGGFRAG mode may have multiple inner packets present in a single
 outer packet, and there is no obvious correct way to map these
 multiple values to the single outer packet ECN field value, the
 tunnel ingress endpoint SHOULD operate in the "compatibility" mode
 rather than the "default" mode from RFC6040. In particular this means
 that the ingress (sending) endpoint of the tunnel always sets the
 newly constructed outer encapsulating packet header ECN field
 to Not-ECT [[RFC6040]].

We have a couple more ADs with ECN as a DISCUSS:

- Lars - You wanted us to be explicit about what to do with ECN field based on 
RFC6040. The propsed text above satisfies this requirement I beleive. Agreed?


yes, possibly with the addition Martin later suggested ("unless all inner packets 
have the same marking").



Great, and regarding the addition, as Martin indicated this addition was not a 
requirement, and one reason to not include it is that it represents a leaking 
of information from the inner traffic to the outer packet which is the goal of 
this document to avoid. As both versions were acceptable, the conservative and 
safer path was chosen.

Thanks,
Chris.

Lars Eggert <l...@eggert.org> writes:

On 2022-8-25, at 12:49, Christian Hopps <cho...@chopps.org> wrote:

 One example of a simple slow-trip circuit breaker (CB) an
 implementation may provide would utilize 2 values, the amount
 of persistent loss rate required to trip the CB and the
 required length of time this persistent loss rate must be seen
 to trip the CB. These 2 value are required configuration from
 the user. When the CB is tripped the tunnel traffic is disabled,
 and an appropriate log message or other management type
 alarm is triggered indicating operate intervention is required.


Thanks, this works for me.

Lars


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec























					Reply via email to