Nasir, I will read this paper later.
For multi-path SA, a multi-homed device or device with multiple interfaces can take advantage of it. Maybe multi-path TCP could provide some other clue. Thanks, Victor From: Nasir Bhutta [mailto:[email protected]] Sent: Thursday, April 05, 2012 11:01 AM To: dharmanandana pothulam Cc: Xiangyang zhang; [email protected] Subject: Re: [IPsec] [IPSec]: Multiple path IP Security for draft-zhang-ipsecme-multi-path-ipsec-00 Hi All, What are good applications and/or importance in Industry for Multi-path IPsec and Multilayer-IPsec? We have also modified the previous ML-IPsec to support for dynamic break down of IP datagram into different Zones. A paper of dynamic ML-IPsec is attached with this email. All critical questions and comments are welcome. With thanks. Kind Regards, Nasir On Thu, Apr 5, 2012 at 5:18 PM, Dharmanandana Reddy Pothula <[email protected]<mailto:[email protected]>> wrote: Hi Zhang, I am confused about the statement in your draft "Unlike SA bundle, one IP packet is still protected by one single SA instead of nested SAs". Does single SA means cluster SA? Or sub-SA? If it is cluster SA, what exactly it meant from SAD point of view? For example, Let us consider the following header, the host is tunneling a packet to the gateway using ESP but is authenticating to the end host B. How do we address this using your proposed solution SA clustering? If multiple packets goes through two different sub-SA's. here my understanding is two different sub-SA's means two separate SA's are ESP SA and AH SA. Does this mean packet go through either ESP SA or AH SA? Please correct me , if I misunderstood. [Bb726946.f4_14(en-us,TechNet.10).gif]<http://technet.microsoft.com/en-us/library/Bb726946.f4_14_big(l=en-us).gif> Second point, About SA cluster feature support, Does both parties need to exchange vendor ID to express support and use of SA cluster feature? It would be better to address this in draft including proposed vendor id values, if vendor id used in IKE negotiation. Third point, about name of the draft, I feel multiple path sounds like multiple routes, it does not implies multiple SA's. Regards, Dharmanandana Reddy Pothula. This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! _______________________________________________ IPsec mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/ipsec
<<inline: image001.gif>>
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
