Perry E. Metzger writes:
> Michael Thomas <[EMAIL PROTECTED]> writes:
> > Bzzt. You're overloading semantics. SPIs enumerate
> > the set of packets for which a given security policy
> > applies. That may have exactly zero to do with the
> > QoS policies you'd like to apply.
>
> In the scheme proposed, flow labels just enumerate a set of packets
> that a host has chosen to designate as a "flow" because, say, they're
> all using the same TCP socket -- which may also have exactly zero to
> do with the QoS policies you'd like to apply. How is it any different
> than the SPI situation?

Again, security policy is not identical to
QoS policy. The only way to make them identical
is to have separate IPsec SAs for each QoS flow.
This would be a huge waste, both on the signaling
front as well as the SADB cost.

And I don't see what TCP sockets have to do
with anything; how a host OS allows packets
to be marked is an API issue just like setting
the DSCP.

> > By all means, let's just ignore silicon considerations.
> > Moore's Law trumps all, obviously.
>
> If they have to build tuple extraction into the hardware anyway to
> deal with the implementations that don't do flow labels (i.e. any
> deployed in the next few years), how can we claim that we're going to
> get around people having to build hardware? Given that several vendors
> have already designed the hardware, how are we going to be helping?

There's a huge difference between "building it in
hardware" and "building it in hardware at speed".
I have infinite optimism in the creativity of
hardware geeks except for one thing: they
always tell you what set of things fit into a
die and that you get to choose which ones to
delete when they don't all fit. The bigger you
make certain modules the less you have for
other things. In this case, fixed fields are
good; linked lists are bad. Doable but bad is
still bad.

Also: you seem to be under the illusion that
QoS classifiers are set in stone. They are not.
I just took a quick look at SCTP: its ports
are not in the same place as TCP/UDP; hence,
hardware change. Each new IP protocol that we
come up with will have the same problem. The
flow label has the potential to stop that
problem now and forever.

Mike
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
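The contrast between a fixed-offset field and a chained lookup discussed in this message, shown as an added example that is not part of the original post: a classifier reads the flow label at one fixed position, while recovering ports means walking the IPv6 next-header chain and fails outright once ESP encrypts the transport header. The function names and the sample packets are constructed for illustration.

```python
import struct

# IPv6 next-header values (IANA protocol numbers)
HOPOPT, TCP, UDP, ROUTING, FRAGMENT, ESP, AH, DSTOPTS = 0, 6, 17, 43, 44, 50, 51, 60

def flow_label(pkt: bytes) -> int:
    """Fixed field: low 20 bits of the first 32-bit word, always at offset 0."""
    return struct.unpack_from("!I", pkt, 0)[0] & 0xFFFFF

def find_ports(pkt: bytes):
    """Walk the next-header chain. Returns (proto, sport, dport, headers_walked);
    the ports are None when the transport header cannot be read."""
    nxt, off, walked = pkt[6], 40, 0
    while True:
        if nxt in (TCP, UDP):
            if off + 4 > len(pkt):
                return nxt, None, None, walked
            sport, dport = struct.unpack_from("!HH", pkt, off)
            return nxt, sport, dport, walked
        if off + 8 > len(pkt):
            return nxt, None, None, walked           # truncated packet
        if nxt in (HOPOPT, ROUTING, DSTOPTS):
            hdr_len = (pkt[off + 1] + 1) * 8         # length in 8-byte units, minus one
        elif nxt == AH:
            hdr_len = (pkt[off + 1] + 2) * 4         # AH counts 4-byte units, minus two
        elif nxt == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] & 0xFFF8:
                return pkt[off], None, None, walked  # later fragment: no transport header
            hdr_len = 8
        else:
            return nxt, None, None, walked           # ESP (ports encrypted) or unknown
        nxt, off, walked = pkt[off], off + hdr_len, walked + 1

# --- constructed sample packets (not captured traffic) ---
def ipv6(flow, nxt, payload):
    return struct.pack("!IHBB", (6 << 28) | flow, len(payload), nxt, 64) + bytes(32) + payload

def ext(nxt, size):  # options-style extension header padded with zero bytes
    return bytes([nxt, size // 8 - 1]) + bytes(size - 2)

PORTS = struct.pack("!HH", 5004, 5006)
PLAIN = ipv6(0x12345, TCP, PORTS + bytes(16))
CHAINED = ipv6(0x12345, HOPOPT, ext(DSTOPTS, 8) + ext(UDP, 16) + PORTS + bytes(4))
ESP_PKT = ipv6(0x12345, ESP, struct.pack("!II", 0x1001, 1) + bytes(24))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("chained", CHAINED), ("esp", ESP_PKT)):
        print(name, hex(flow_label(pkt)), find_ports(pkt))
```

All three packets yield the same flow label from the same offset; the port lookup takes zero, two, and an unbounded-in-general number of header hops, and returns no ports at all for the ESP packet.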