Reviewer: Marcus Ihlar Review result: Ready with Issues This document has been reviewed as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors and WG to allow them to address any issues raised and also to the IETF discussion list for information. When done at the time of IETF Last Call, the authors should consider this review as part of the last-call comments they receive. Please always CC tsv-art@xxxxxxxx if you reply to or forward this review. This document introduces a mechanism for establishing multiple child SAs for a single traffic selector and binding these SAs to specific resources such as CPUs. This simplifies parallel crypto processing since there is no need to synchronize state between CPUs. Overall this is a well written document with a straight forward solution to a concrete problem. Packets of a single traffic selector can be mapped to multiple Child SAs that are bound to specific resources. How individual packets are mapped to Child SAs can have consequences for end-to-end performance, for instance by introducing packet reordering and packet delay variation if packets of a single end-to-end flow are split across Child SAs. Load balancing algorithms and policies are likely best left as implementation details but I do think a paragraph in the operational considerations section could be warranted. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
