> >
> > In an ideal world maybe. Sometimes the netwwork needs to
> mark traffic
> > at the edge switch but doesn't 'trust' the endpoint to do it. So
> > typically it would be done with policy rules.
>
> We're talking about making changes to the end nodes anyways,
> so why not
> make them handle
On Fri, Jan 08, 2010 at 11:14:06AM -0800, Joseph Tardo wrote:
> -Original Message-
>
> Also, anything QoS related should really happen outside ESP anyways.
>
>
> In an ideal world maybe. Sometimes the netwwork needs to mark traffic
> at the edge switch but doesn't 'trust' the endpoint
-Original Message-
Also, anything QoS related should really happen outside ESP anyways.
Nico
--
In an ideal world maybe. Sometimes the netwwork needs to mark traffic at the
edge switch but doesn't 'trust' the endpoint to do it. So typically it would be
done with policy rules.
Thank
2 AM
> To: Bhatia, Manav (Manav)
> Cc: Dan Harkins; Jack Kohn; ipsec@ietf.org
> Subject: Re: [IPsec] Traffic Visibility Future
>
>
> I would be very much interested in a real-world example instead
> of hypotheticals. What service provider is asking for WESP?
>
> Dan.
On Fri, Jan 08, 2010 at 07:39:47AM +0530, Jack Kohn wrote:
> > Yes, but it's useful to know what they could possibly do. If a
> > middlebox wants to drop all encrypted IPsec traffic then it needs to
> > know if it's encrypted. Knowing WESP -> ESP-null, ESP -> unknown, is
> > sufficient.
>
> Yup,
I would be very much interested in a real-world example instead
of hypotheticals. What service provider is asking for WESP?
Dan.
On Thu, January 7, 2010 6:15 pm, Bhatia, Manav (Manav) wrote:
> Dan,
>
> [clipped]
>
>> Because it's unnecessary bloat that another group may not have any
>> use
Dan,
[clipped]
> Because it's unnecessary bloat that another group may not have any
> use for. ESP-null could be used, for instance, to protect
> packets in an
> EGP routing protocol. There is no need for WESP in such an
> environment.
EGP routing protocols, by definition and design, will t
>
> Yes, but it's useful to know what they could possibly do. If a
> middlebox wants to drop all encrypted IPsec traffic then it needs to
> know if it's encrypted. Knowing WESP -> ESP-null, ESP -> unknown, is
> sufficient.
Yup, and this is what i was alluding to. All middle boxes may not want
to
On Thu, Jan 07, 2010 at 03:51:04PM -0900, Melinda Shore wrote:
> On Jan 7, 2010, at 3:45 PM, Jack Kohn wrote:
> >I am just trying to understand what a WESP powered middle box thats
> >interested in deep inspecting packets, should do when it sees a native
> >ESP packet. Should it make an attempt to
On Thu, January 7, 2010 4:39 pm, Jack Kohn wrote:
> On Fri, Jan 8, 2010 at 5:51 AM, Dan Harkins wrote:
>>
>> Hi Jack,
>>
>> On Thu, January 7, 2010 4:06 pm, Jack Kohn wrote:
>>> Folks,
>>>
>>> Some questions.
>>>
>>> o In a steady state, where we are using WESP only for ESP-NULL, what
>>> should
On Jan 7, 2010, at 3:45 PM, Jack Kohn wrote:
I am just trying to understand what a WESP powered middle box thats
interested in deep inspecting packets, should do when it sees a native
ESP packet. Should it make an attempt to parse it based on heuristics
(which i completely resent) or should it tr
On Fri, Jan 8, 2010 at 5:55 AM, Melinda Shore wrote:
> On Jan 7, 2010, at 3:06 PM, Jack Kohn wrote:
>>
>> o In a steady state, where we are using WESP only for ESP-NULL, what
>> should a middle box do when it sees ESP traffic, besides
>> hyperventilating and throwing up?
>
> How would that inform
On Fri, Jan 8, 2010 at 5:51 AM, Dan Harkins wrote:
>
> Hi Jack,
>
> On Thu, January 7, 2010 4:06 pm, Jack Kohn wrote:
>> Folks,
>>
>> Some questions.
>>
>> o In a steady state, where we are using WESP only for ESP-NULL, what
>> should a middle box do when it sees ESP traffic, besides
>> hyperven
On Jan 7, 2010, at 3:06 PM, Jack Kohn wrote:
o In a steady state, where we are using WESP only for ESP-NULL, what
should a middle box do when it sees ESP traffic, besides
hyperventilating and throwing up?
How would that information be used here? Do you want
to specify middlebox behavior?
In
Hi Jack,
On Thu, January 7, 2010 4:06 pm, Jack Kohn wrote:
> Folks,
>
> Some questions.
>
> o In a steady state, where we are using WESP only for ESP-NULL, what
> should a middle box do when it sees ESP traffic, besides
> hyperventilating and throwing up? Should it run heuristics (dang! no)
>
Folks,
Some questions.
o In a steady state, where we are using WESP only for ESP-NULL, what
should a middle box do when it sees ESP traffic, besides
hyperventilating and throwing up? Should it run heuristics (dang! no)
or should it simply assume that the packet is encrypted and do
whatever the l
16 matches
Mail list logo
