Subject: Re: New mux header for CAPWAP
From: Abhijit Choudhury
Date: Fri, 9 Jun 2006 13:00:45 -0700 (PDT)

Pat wrote:
> Actually, I disagree. First of all, relying on a bit that states
> whether the data frame is encrypted or not is irrelevant because
> the AC (and WTP, for that matter) will probably rely on the policy
> negotiated during the control plane setup more than the bit.
> For instance, if the AC stated that DTLS was required on the data
> plane, would it accept a packet in the clear? No, so I don't think
> we need to signal that the data plane is explicitly encrypted. If
> it doesn't comply to the negotiated mode of operation, it is dropped.
> For that matter, only 2 ports are needed.

This is quite restrictive. An AC can have some data traffic from
a remote office and require DTLS on that traffic, as well as some
traffic coming from within the local premises for which it may not
require DTLS in the data plane. DTLS on the data plane should be
a property of the specific tunnel. This needs to be supported.

In general, it is a better design to have the packet fields
clearly indicate what the nature of the payload is, rather
than depend on lookups of policy tables to decide how to
parse the packet. So, I think Dave's proposal that the header
have encodings to indicate DTLS-encrypted payload or not is
a good idea. This is still orthogonal to whether we use one
UDP port or two.

Abhijit
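
A receive-path sketch combining the two positions in this message, added here as an example and not taken from the thread or from any CAPWAP draft: the header flag selects how the payload is parsed, while the per-tunnel policy negotiated on the control plane decides whether the packet is accepted at all. The one-byte header, the `FLAG_DTLS` bit position, the addresses and the policy table are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical 1-byte mux header (NOT the CAPWAP wire format):
# bit 0 set means the payload that follows is a DTLS record.
FLAG_DTLS = 0x01


@dataclass(frozen=True)
class TunnelPolicy:
    require_dtls: bool  # negotiated per tunnel during control-plane setup


# Constructed sample policy table, keyed by (peer address, UDP port).
POLICIES = {
    ("198.51.100.7", 40000): TunnelPolicy(require_dtls=True),   # remote office
    ("10.0.0.12", 40001): TunnelPolicy(require_dtls=False),     # local premises
}


def classify(peer, packet):
    """Return (verdict, reason) for one received data-plane packet.

    The flag only tells the receiver which parser to use. It is
    unauthenticated, so the negotiated tunnel policy has the final say;
    a cleartext packet on a DTLS-required tunnel is a downgrade and is dropped.
    """
    policy = POLICIES.get(peer)
    if policy is None:
        return "drop", "no tunnel negotiated for this peer"
    if len(packet) < 2:
        return "drop", "truncated packet (header without payload)"
    is_dtls = bool(packet[0] & FLAG_DTLS)
    if policy.require_dtls and not is_dtls:
        return "drop", "cleartext on a tunnel that requires DTLS"
    if is_dtls and not policy.require_dtls:
        return "drop", "DTLS payload on a tunnel negotiated as cleartext"
    return ("dtls" if is_dtls else "clear"), "matches negotiated mode"


if __name__ == "__main__":
    remote, local = ("198.51.100.7", 40000), ("10.0.0.12", 40001)
    for peer, pkt in [(remote, b"\x01\x17"), (remote, b"\x00hi"),
                      (local, b"\x00hi"), (("203.0.113.9", 1), b"\x00hi")]:
        print(peer, classify(peer, pkt))
```
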