Hi Valery,
On Fri, Oct 21, 2022 at 05:06:44PM +0300, Valery Smyslov wrote:
> >
> > The percpu SAs don't need locking as long as you can make sure that
> > it is never ever accessed by a remote cpu. To guarantee this, something
> > that does the 'dirt work' is needed. In our case that would be the
Hi,
over the last years, quite some work was done from different parties
to overcome some limitations of ESP to handle parallel datapaths,
QoS classes etc.
Chronologically ordered, we have:
November 2019:
https://datatracker.ietf.org/doc/html/draft-mglt-ipsecme-multiple-child-sa-00
That was re
I expected this question to be answered on the mailing list. I would like
this question being at the ipsecme agenda.
Yours,
Daniel
On Mon, Oct 24, 2022 at 2:41 PM Daniel Migault wrote:
> Hi all,
>
> We are looking at establishing SAs for specific DSCP values. I am
> wondering if the specificati
Reviewer: Russ Housley
Review result: Ready
I am the assigned ART-ART reviewer for this draft. I also did a Gen-ART
review of the previous version of this document. Please treat these
comments just like any other last call comments.
Document: draft-ietf-ipsecme-ikev2-multiple-ke-08
Reviewer: Ru
[Replying to this email, but commenting about the others also]
Paul Wouters writes:
> On Oct 21, 2022, at 03:37, Steffen Klassert
> wrote:
> > Another possibility would be to use the same keymat on all
> > percpu SAs
>
> You cannot do that. You need to ensure unique IVs for AEAD so you
> would
