| draft-ietf-ipsecme-iptfs-10.txt (old) | draft-ietf-ipsecme-iptfs-11.txt (new) |
|---|---|
| Network Working Group C. Hopps | Network Working Group C. Hopps | |||
| Internet-Draft LabN Consulting, L.L.C. | Internet-Draft LabN Consulting, L.L.C. | |||
| Intended status: Standards Track September 3, 2021 | Intended status: Standards Track October 24, 2021 | |||
| Expires: March 7, 2022 | Expires: April 27, 2022 | |||
| IP-TFS: Aggregation and Fragmentation Mode for ESP and its Use for IP | IP-TFS: Aggregation and Fragmentation Mode for ESP and its Use for IP | |||
| Traffic Flow Security | Traffic Flow Security | |||
| draft-ietf-ipsecme-iptfs-10 | draft-ietf-ipsecme-iptfs-11 | |||
| Abstract | Abstract | |||
| This document describes a mechanism for aggregation and fragmentation | This document describes a mechanism for aggregation and fragmentation | |||
| of IP packets when they are being encapsulated in ESP payload. This | of IP packets when they are being encapsulated in ESP payload. This | |||
| new payload type can be used for various purposes such as decreasing | new payload type can be used for various purposes such as decreasing | |||
| encapsulation overhead for small IP packets; however, the focus in | encapsulation overhead for small IP packets; however, the focus in | |||
| this document is to enhance IPsec traffic flow security (IP-TFS) by | this document is to enhance IPsec traffic flow security (IP-TFS) by | |||
| adding Traffic Flow Confidentiality (TFC) to encrypted IP | adding Traffic Flow Confidentiality (TFC) to encrypted IP | |||
| encapsulated traffic. TFC is provided by obscuring the size and | encapsulated traffic. TFC is provided by obscuring the size and | |||
| skipping to change at page 1, line 40 | skipping to change at page 1, line 40 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 7, 2022. | This Internet-Draft will expire on April 27, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 12, line 14 | skipping to change at page 12, line 14 | |||
| 2.5. Summary of Receiver Processing | 2.5. Summary of Receiver Processing | |||
| An AGGFRAG enabled SA receiver has a few tasks to perform. | An AGGFRAG enabled SA receiver has a few tasks to perform. | |||
| The receiver first reorders, possibly out-of-order ESP packets | The receiver first reorders, possibly out-of-order ESP packets | |||
| received on an SA into in-sequence-order AGGFRAG_PAYLOAD payloads | received on an SA into in-sequence-order AGGFRAG_PAYLOAD payloads | |||
| (Section 2.2.3). If congestion control is enabled, the receiver | (Section 2.2.3). If congestion control is enabled, the receiver | |||
| considers a packet lost when it's sequence number is abandoned (e.g., | considers a packet lost when it's sequence number is abandoned (e.g., | |||
| pushed out of the re-ordering window, or timed-out) by the reordering | pushed out of the re-ordering window, or timed-out) by the reordering | |||
| algorithm. | algorithm. As an optional optimization (e.g., to handle very lossy | |||
| and/or reordered tunnel paths), the receiver MAY transmit any fully | ||||
| formed inner packets contained within the AGGFRAG_PAYLOADs prior to | ||||
| re-ordering the outer packets. | ||||
| Additionally, if congestion control is enabled, the receiver sends | Additionally, if congestion control is enabled, the receiver sends | |||
| congestion control data (Section 6.1.2) back to the sender as | congestion control data (Section 6.1.2) back to the sender as | |||
| described in Section 2.4.2 and Section 3. | described in Section 2.4.2 and Section 3. | |||
| Finally, the receiver processes the now in-order AGGFRAG_PAYLOAD | Finally, the receiver processes the now in-order AGGFRAG_PAYLOAD | |||
| payload stream to extract the inner-packets (Section 2.2.3, | payload stream to extract the inner-packets (Section 2.2.3, | |||
| Section 6.1). | Section 6.1). | |||
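Review bot: the sentence added to 2.5 in -11 ("As an optional optimization ... the receiver MAY transmit any fully formed inner packets contained within the AGGFRAG_PAYLOADs prior to re-ordering the outer packets") leaves the loss rule just before it ambiguous: an outer packet whose inner packets were already forwarded can still be abandoned by the reordering algorithm (pushed out of the window or timed out) and so be counted as lost for the congestion control data sent back under Section 6.1.2. Say whether such packets are reported as lost, or state that loss is defined purely on outer sequence numbers regardless of early forwarding. The sentence should also exclude inner packets that span more than one AGGFRAG_PAYLOAD, since those fragments still need the in-order payload stream described in the final paragraph; "fully formed" hints at this but does not say it. Two nits in the unchanged context: "when it's sequence number" should read "when its sequence number", and "reorders, possibly out-of-order ESP packets" reads better without the comma.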
| 3. Congestion Information | 3. Congestion Information | |||
| skipping to change at page 27, line 32 | skipping to change at page 27, line 32 | |||
| OH = NF * (IPsec Overhead + Outer Payload Size) | OH = NF * (IPsec Overhead + Outer Payload Size) | |||
| - Inner Packet Size | - Inner Packet Size | |||
| C.2. Overhead Comparison | C.2. Overhead Comparison | |||
| The following tables collect the overhead values for some common L3 | The following tables collect the overhead values for some common L3 | |||
| MTU sizes in order to compare them. The first table is the number of | MTU sizes in order to compare them. The first table is the number of | |||
| octets of overhead for a given L3 MTU sized packet. The second table | octets of overhead for a given L3 MTU sized packet. The second table | |||
| is the percentage of overhead in the same MTU sized packet. | is the percentage of overhead in the same MTU sized packet. | |||
| XXX rerun these. | ||||
| Type ESP+Pad ESP+Pad ESP+Pad IP-TFS IP-TFS IP-TFS | Type ESP+Pad ESP+Pad ESP+Pad IP-TFS IP-TFS IP-TFS | |||
| L3 MTU 576 1500 9000 576 1500 9000 | L3 MTU 576 1500 9000 576 1500 9000 | |||
| PSize 522 1446 8946 518 1442 8942 | PSize 522 1446 8946 518 1442 8942 | |||
| ----------------------------------------------------------- | ----------------------------------------------------------- | |||
| 40 482 1406 8906 4.5 1.6 0.3 | 40 482 1406 8906 4.5 1.6 0.3 | |||
| 128 394 1318 8818 14.3 5.1 0.8 | 128 394 1318 8818 14.3 5.1 0.8 | |||
| 256 266 1190 8690 28.7 10.3 1.7 | 256 266 1190 8690 28.7 10.3 1.7 | |||
| 518 4 928 8428 58.0 20.8 3.4 | 518 4 928 8428 58.0 20.8 3.4 | |||
| 576 576 870 8370 64.5 23.2 3.7 | 576 576 870 8370 64.5 23.2 3.7 | |||
| 1442 286 4 7504 161.5 58.0 9.4 | 1442 286 4 7504 161.5 58.0 9.4 | |||
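Review bot: dropping the "XXX rerun these" note should come with rerun numbers, but both columns carry an identical table, and the ESP+Pad values do not all follow the C.1 formula shown above (OH = NF * (IPsec Overhead + Outer Payload Size) - Inner Packet Size). Single-fragment rows equal PSize minus the inner size (522 - 40 = 482; 1446 - 1442 = 4), which omits the 54 octets by which each L3 MTU exceeds its PSize, while multi-fragment rows include those octets (2 * (54 + 522) - 576 = 576; 3 * (54 + 522) - 1442 = 286). Either recompute the single-fragment rows with the full formula (536 rather than 482 for the 40-octet packet at MTU 576) or state that per-packet IPsec overhead is excluded, and apply one rule throughout. Also, the paragraph introduces this as the table of octets, yet the IP-TFS columns are fractional; say that these are amortized octets per inner packet, and spell out what PSize is.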
| skipping to change at page 30, line 28 | skipping to change at page 30, line 28 | |||
| Notice that the latency values are very similar between the two | Notice that the latency values are very similar between the two | |||
| solutions; however, whereas IP-TFS provides for constant high | solutions; however, whereas IP-TFS provides for constant high | |||
| bandwidth, in some cases even exceeding native Ethernet, ESP with | bandwidth, in some cases even exceeding native Ethernet, ESP with | |||
| padding often greatly reduces available bandwidth. | padding often greatly reduces available bandwidth. | |||
| Appendix D. Acknowledgements | Appendix D. Acknowledgements | |||
| We would like to thank Don Fedyk for help in reviewing and editing | We would like to thank Don Fedyk for help in reviewing and editing | |||
| this work. We would also like to thank Michael Richardson, Sean | this work. We would also like to thank Michael Richardson, Sean | |||
| Turner and Valery Smyslov for reviews and many suggestions for | Turner, Valery Smyslov and Tero Kivinen for reviews and many | |||
| improvements, as well as Joseph Touch for the transport area review | suggestions for improvements, as well as Joseph Touch for the | |||
| and suggested improvements. | transport area review and suggested improvements. | |||
| Appendix E. Contributors | Appendix E. Contributors | |||
| The following people made significant contributions to this document. | The following people made significant contributions to this document. | |||
| Lou Berger | Lou Berger | |||
| LabN Consulting, L.L.C. | LabN Consulting, L.L.C. | |||
| Email: lberger@labn.net | Email: lberger@labn.net | |||
| End of changes. 6 change blocks. | ||||
| 10 lines changed or deleted | 11 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||