Bill Sommerfeld wrote:
>
> > What semantics do you think you can impose on something like that?
> >
> > => just associate a QoS to a SPI and send the information (ie. how to
> > classify packets (addresses, ..., SPI) and the QoS) to the classifier
> > (which is by definition on-path).
>
> That could be brute-forced into working if someone invented such a
> protocol. However, it seems that you could accomplish the same goal
> by having the originator of the traffic mark the diffserv bits of the
> packet "appropriately", with the classifier merely having some policy
> saying which nodes are allowed to send ipsec traffic with various
> markings, possibly translating the markings appropriately.

This doesn't necessarily work when you cross an ISP/ISP boundary.
We can't assume that appropriate SLAs exist at all ISP boundaries;
the only method that is sure to work is if each ISP can re-classify
the traffic at its ingress. Believe me, we have thought about this
*a lot* in diffserv.

Brian
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------