draft-ietf-ipsecme-iptfs-10.txt   draft-ietf-ipsecme-iptfs-11.txt 
Network Working Group C. Hopps Network Working Group C. Hopps
Internet-Draft LabN Consulting, L.L.C. Internet-Draft LabN Consulting, L.L.C.
Intended status: Standards Track September 3, 2021 Intended status: Standards Track October 24, 2021
Expires: March 7, 2022 Expires: April 27, 2022
IP-TFS: Aggregation and Fragmentation Mode for ESP and its Use for IP IP-TFS: Aggregation and Fragmentation Mode for ESP and its Use for IP
Traffic Flow Security Traffic Flow Security
draft-ietf-ipsecme-iptfs-10 draft-ietf-ipsecme-iptfs-11
Abstract Abstract
This document describes a mechanism for aggregation and fragmentation This document describes a mechanism for aggregation and fragmentation
of IP packets when they are being encapsulated in ESP payload. This of IP packets when they are being encapsulated in ESP payload. This
new payload type can be used for various purposes such as decreasing new payload type can be used for various purposes such as decreasing
encapsulation overhead for small IP packets; however, the focus in encapsulation overhead for small IP packets; however, the focus in
this document is to enhance IPsec traffic flow security (IP-TFS) by this document is to enhance IPsec traffic flow security (IP-TFS) by
adding Traffic Flow Confidentiality (TFC) to encrypted IP adding Traffic Flow Confidentiality (TFC) to encrypted IP
encapsulated traffic. TFC is provided by obscuring the size and encapsulated traffic. TFC is provided by obscuring the size and
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 7, 2022. This Internet-Draft will expire on April 27, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 12, line 14 skipping to change at page 12, line 14
2.5. Summary of Receiver Processing 2.5. Summary of Receiver Processing
An AGGFRAG enabled SA receiver has a few tasks to perform. An AGGFRAG enabled SA receiver has a few tasks to perform.
The receiver first reorders, possibly out-of-order ESP packets The receiver first reorders, possibly out-of-order ESP packets
received on an SA into in-sequence-order AGGFRAG_PAYLOAD payloads received on an SA into in-sequence-order AGGFRAG_PAYLOAD payloads
(Section 2.2.3). If congestion control is enabled, the receiver (Section 2.2.3). If congestion control is enabled, the receiver
considers a packet lost when it's sequence number is abandoned (e.g., considers a packet lost when it's sequence number is abandoned (e.g.,
pushed out of the re-ordering window, or timed-out) by the reordering pushed out of the re-ordering window, or timed-out) by the reordering
algorithm. algorithm. As an optional optimization (e.g., to handle very lossy
and/or reordered tunnel paths), the receiver MAY transmit any fully
formed inner packets contained within the AGGFRAG_PAYLOADs prior to
re-ordering the outer packets.
Additionally, if congestion control is enabled, the receiver sends Additionally, if congestion control is enabled, the receiver sends
congestion control data (Section 6.1.2) back to the sender as congestion control data (Section 6.1.2) back to the sender as
described in Section 2.4.2 and Section 3. described in Section 2.4.2 and Section 3.
Finally, the receiver processes the now in-order AGGFRAG_PAYLOAD Finally, the receiver processes the now in-order AGGFRAG_PAYLOAD
payload stream to extract the inner-packets (Section 2.2.3, payload stream to extract the inner-packets (Section 2.2.3,
Section 6.1). Section 6.1).
3. Congestion Information 3. Congestion Information
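Review bot: the optional optimization added to the first paragraph (forwarding fully formed inner packets before the outer packets are re-ordered) does not say how those early-forwarded packets are reconciled with the final step of this section, where the now in-order AGGFRAG_PAYLOAD stream is processed to extract the inner packets; as written, a receiver could deliver the same inner packet twice, once before re-ordering and again during in-order extraction. Suggest adding a sentence along the lines of "Inner packets transmitted prior to re-ordering MUST NOT be transmitted again when the re-ordered payload stream is processed," and stating explicitly that this optimization can deliver inner packets out of their original order. Separately, "when it's sequence number is abandoned" should read "when its sequence number is abandoned".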
skipping to change at page 27, line 32 skipping to change at page 27, line 32
OH = NF * (IPsec Overhead + Outer Payload Size) OH = NF * (IPsec Overhead + Outer Payload Size)
- Inner Packet Size - Inner Packet Size
C.2. Overhead Comparison C.2. Overhead Comparison
The following tables collect the overhead values for some common L3 The following tables collect the overhead values for some common L3
MTU sizes in order to compare them. The first table is the number of MTU sizes in order to compare them. The first table is the number of
octets of overhead for a given L3 MTU sized packet. The second table octets of overhead for a given L3 MTU sized packet. The second table
is the percentage of overhead in the same MTU sized packet. is the percentage of overhead in the same MTU sized packet.
XXX rerun these.
Type ESP+Pad ESP+Pad ESP+Pad IP-TFS IP-TFS IP-TFS Type ESP+Pad ESP+Pad ESP+Pad IP-TFS IP-TFS IP-TFS
L3 MTU 576 1500 9000 576 1500 9000 L3 MTU 576 1500 9000 576 1500 9000
PSize 522 1446 8946 518 1442 8942 PSize 522 1446 8946 518 1442 8942
----------------------------------------------------------- -----------------------------------------------------------
40 482 1406 8906 4.5 1.6 0.3 40 482 1406 8906 4.5 1.6 0.3
128 394 1318 8818 14.3 5.1 0.8 128 394 1318 8818 14.3 5.1 0.8
256 266 1190 8690 28.7 10.3 1.7 256 266 1190 8690 28.7 10.3 1.7
518 4 928 8428 58.0 20.8 3.4 518 4 928 8428 58.0 20.8 3.4
576 576 870 8370 64.5 23.2 3.7 576 576 870 8370 64.5 23.2 3.7
1442 286 4 7504 161.5 58.0 9.4 1442 286 4 7504 161.5 58.0 9.4
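Review bot: this change block removes the "XXX rerun these." editor's note but leaves every value in the overhead table identical between the two versions; if the tables were not actually regenerated, the marker should remain (or the regenerated values should be included in the same revision) rather than being dropped on its own, since the surrounding text still presents these numbers as the basis for the overhead comparison.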
skipping to change at page 30, line 28 skipping to change at page 30, line 28
Notice that the latency values are very similar between the two Notice that the latency values are very similar between the two
solutions; however, whereas IP-TFS provides for constant high solutions; however, whereas IP-TFS provides for constant high
bandwidth, in some cases even exceeding native Ethernet, ESP with bandwidth, in some cases even exceeding native Ethernet, ESP with
padding often greatly reduces available bandwidth. padding often greatly reduces available bandwidth.
Appendix D. Acknowledgements Appendix D. Acknowledgements
We would like to thank Don Fedyk for help in reviewing and editing We would like to thank Don Fedyk for help in reviewing and editing
this work. We would also like to thank Michael Richardson, Sean this work. We would also like to thank Michael Richardson, Sean
Turner and Valery Smyslov for reviews and many suggestions for Turner, Valery Smyslov and Tero Kivinen for reviews and many
improvements, as well as Joseph Touch for the transport area review suggestions for improvements, as well as Joseph Touch for the
and suggested improvements. transport area review and suggested improvements.
Appendix E. Contributors Appendix E. Contributors
The following people made significant contributions to this document. The following people made significant contributions to this document.
Lou Berger Lou Berger
LabN Consulting, L.L.C. LabN Consulting, L.L.C.
Email: lberger@labn.net Email: lberger@labn.net
 End of changes. 6 change blocks. 
10 lines changed or deleted 11 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/