Alex Conta wrote:

> I think you are talking about tunnel mode ESP, and Brian talks about
> transport mode ESP.

I am not mixing them. Diffserv only works within a single domain 
when ESP is used, because in that context there is a hope that 
the SPI carries enough context for the first hop provider to 
construct the DSCP. Once the domain boundary is crossed that 
capability is lost so the next provider has no clue how to set 
the DSCP. If those were fixed bits end-to-end, the first hop 
could have set them and all the rest could process accordingly.


> ... Ports and protocol ID are encrypted, while BA classification can still
> be done, since the DSCP is in clear.

But the point is that no provider will understand or trust the 
DSCP as it is passed between domains, so BA classification will
fail after the first provider, and it will even fail there if 
that provider doesn't trust the host to mark it correctly.


> To me it is simple:  I see the IPv6 main header divided into functions
> for forwarding, and functions for QoS.

You appear to have forgotten that the endpoints need to
communicate with each other. The header is also used for
that primary function, or the others will not matter.


> You seem to see the problem in terms of bit allocation.

That is not my point, and you are the one that keeps raising
the value of the bits... Anyway the point is that we are 
being asked to change an existing definition to accommodate
a capability that another WG really needs, but refused to
create for itself in the field it had to work with. Why 
should we do that?


> OK, so the alternative that you suggest, means to have the Diffserv WG
> rework a completely different Diffserv model, mechanisms, architecture,
> specifications which some are already on the standards track, IETF
> marketing, etc...  for IPv6.
>
> This means dropping, the model, architecture, mechanisms,
> implementation  similarity/compatibility between IPv6 and IPv4

No, in fact that is what your proposal does. IPv4 does not have
the flow label to fall back on, so your proposal makes the 
mechanisms different between the versions. All I am saying is 
that the diffserv WG should go back and define a set of DSCP
values with global context, then there would be no need for
modification of the flow label definition.


Tony




--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
