> Oh. I now see what I missed. Why doesn't including
> the SPI into the flow key work? You wouldn't be
> able to police based on port numbers (i.e., try to be
> a firewall), but some would say that's a feature
> not a bug.

Well, except that there's no such thing as a "well known SPI"..

When done correctly, SPIs are random and short lived, with semantics
only visible to the SA endpoints, so they just turn into a slightly
less useful form of pseudorandom flow label (since multiple "flows"
may share an SA, and the SPIs change over time as the SAs time out
and are rekeyed).

                                - Bill

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
