Re: need clarification on UDP ports

From: Abhijit Choudhury (Abhijit
Date: Tue, 17 Oct 2006 14:09:31 -0700 (PDT)

I think for data channel security, it will have
to be a binary decision for an AC/WTP pair, i.e.
if data channel encryption is enabled, it is for all data.
For the control channel, I think to have a clean
solution (with deterministic behavior) we need either
a separate discovery port or a type header which allows
one to distinguish between discovery and dtls packets.
Scott
In a clean solution, the packet itself should have enough
information to clearly classify it as one of the four types
of packets. We should not have to depend on configuration
lookups to check whether the packet is supposed to be DTLS
encrypted or not.
We have used this principle already in designing the CAPWAP
header. The T bit clearly identifies the payload as 802.3 or
native format. This could have been identified based on a
config lookup since an AC would typically handle 802.3 payload
or native but rarely both. But we chose to include this information
in the header itself to make the design clean.
The same idea should be used for distinguishing between
the four packet types. Having four distinct UDP ports is one
option. I'm sure there are others.
Regards,
Abhijit
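
The principle argued in the message above, shown as an added example that is not part of the original thread: the packet class is derived from the packet alone, and configuration is consulted only afterwards as a policy check. The port numbers and the version/type preamble nibble are assumptions taken from the later RFC 5415; the names `classify`, `admit` and `PacketClass` and the sample payloads are constructed for illustration.

```python
from enum import Enum

# Assumed values from the later RFC 5415, not from this thread.
CONTROL_PORT, DATA_PORT = 5246, 5247
VERSION = 0                      # high nibble of the first payload byte
TYPE_PLAIN, TYPE_DTLS = 0, 1     # low nibble of the first payload byte


class PacketClass(Enum):
    CONTROL_PLAIN = "control, plaintext (discovery)"
    CONTROL_DTLS = "control, DTLS"
    DATA_PLAIN = "data, plaintext"
    DATA_DTLS = "data, DTLS"


# Every legal (port, type) pair maps to exactly one class.
_TABLE = {
    (CONTROL_PORT, TYPE_PLAIN): PacketClass.CONTROL_PLAIN,
    (CONTROL_PORT, TYPE_DTLS): PacketClass.CONTROL_DTLS,
    (DATA_PORT, TYPE_PLAIN): PacketClass.DATA_PLAIN,
    (DATA_PORT, TYPE_DTLS): PacketClass.DATA_DTLS,
}


def classify(dst_port, payload):
    """Classify using only the destination port and first payload byte.

    Returns None (drop) for anything that is not unambiguous: empty
    payload, unknown version, unknown type or unknown port.
    """
    if not payload:
        return None
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != VERSION:
        return None
    return _TABLE.get((dst_port, ptype))


def admit(dst_port, payload, data_dtls_required):
    """Policy check applied after classification.

    Configuration decides whether a class is allowed for this AC/WTP
    pair; it never decides how the bytes are interpreted.
    """
    cls = classify(dst_port, payload)
    if cls is None:
        return False
    if cls is PacketClass.DATA_PLAIN and data_dtls_required:
        return False   # encryption is all-or-nothing for the data channel
    return True
```

A payload that begins with a bare DTLS record byte such as `0x16` fails the version check and is dropped rather than guessed at.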