We have been analyzing issues ESP has in current data-center networks and came to the conclusion that changes in the protocol could significantly improve its behavior. Some of the results will be presented next Tuesday in a pitch talk at IETF 108. This mail is just a small teaser, in case some of you wanted to gather some arguments for the discussion.
In particular, we propose the following changes to ESP:

* Allow multiple windows per SA to allow for scaling over CPUs, windows per QoS class & replay protection in multicast groups
* 64-bit sequence counters in each header to ease protocol handling and allow for replay protection in multicast groups
* Removing the trailer to ease segment & fragment handling and alignment
* Implicit IVs in the spirit of RFC 8750, removing the need for AAD

Further details and benchmark results may be found in a paper preprint [1] and a presentation [2] we held at the Linux IPsec Workshop.

Michael

[1] https://telematik.prakinf.tu-ilmenau.de/files/packetformat.pdf
[2] https://telematik.prakinf.tu-ilmenau.de/files/VPE.pdf
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
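The first two proposals in the mail above (multiple windows per SA, full 64-bit sequence counters in each header) can be pictured as a receiver-side anti-replay check. This is an added example, not code from the mail, the preprint or any ESP implementation; the `window_id` header field, `NUM_WINDOWS` and the 64-entry bitmap are assumptions made for illustration.

```c
#include <stdint.h>

#define NUM_WINDOWS 4   /* assumed: e.g. one window per CPU or QoS class */
#define WINDOW_BITS 64  /* assumed window width, one bit per sequence number */

/* Independent anti-replay state; nothing is shared between windows, so each
 * CPU, QoS class or multicast sender can advance its own counter. */
struct replay_window {
    uint64_t top;     /* highest sequence number accepted so far (0 = none) */
    uint64_t bitmap;  /* bit i set => sequence number (top - i) already seen */
};

struct sa {
    struct replay_window win[NUM_WINDOWS];
};

/* Returns 1 to accept, 0 to drop. The full 64-bit counter arrives in the
 * header, so no high-order bits have to be reconstructed as with ESN.
 * A real receiver updates the window only after the packet authenticates. */
int replay_check_and_update(struct sa *sa, uint32_t window_id, uint64_t seq)
{
    if (window_id >= NUM_WINDOWS || seq == 0)
        return 0;                         /* unknown window or invalid counter */

    struct replay_window *w = &sa->win[window_id];

    if (seq > w->top) {                   /* newer than anything seen: slide */
        uint64_t shift = seq - w->top;
        w->bitmap = (shift >= WINDOW_BITS) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;                   /* bit 0 marks the new top */
        w->top = seq;
        return 1;
    }

    uint64_t offset = w->top - seq;
    if (offset >= WINDOW_BITS)
        return 0;                         /* older than the window: drop */
    if (w->bitmap & (1ULL << offset))
        return 0;                         /* already seen: replay */
    w->bitmap |= 1ULL << offset;          /* late but new: accept and record */
    return 1;
}
```

Because each window keeps its own `top`, reordering between windows never pushes one stream's packets out of another stream's window.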