RE: Last call feedback: draft-mm-wg-effect-encrypt

Al,

In my experience, protocol has been the 5th tuple along with Source and Destination IP address and ports.

Thanks,
Badri

-----Original Message-----
From: MORTON, ALFRED C (AL) [mailto:acmorton@xxxxxxx] 
Sent: Tuesday, March 14, 2017 5:01 PM
To: Badri Subramanyan <Badri.Subramanyan@xxxxxxx>; kathleen.moriarty.ietf@xxxxxxxxx; saag@xxxxxxxx; ietf@xxxxxxxx
Cc: stephen.farrell@xxxxxxxxx
Subject: RE: Last call feedback: draft-mm-wg-effect-encrypt

Hi Badri,
one follow-up question below:

> -----Original Message-----
> From: Badri.Subramanyan@xxxxxxx [mailto:Badri.Subramanyan@xxxxxxx]
> Sent: Friday, March 10, 2017 2:35 AM

<snip>

> > If the streams are encrypted, then the ALG feature would be rendered
> > useless. This would limit the capability of any network element to
> > make smart policing and routing decisions based on application layer
> > attributes.
> 
> 
> Kathleen wrote:
> Do you know if these can work with a 2-tuple or 5-tuple?  Is there an 
> impact from encryption via TLS for instance?  If so, what is that 
> impact?
> 
> [Badri] The rules in most of the cases are 5-tuple to accurately depict 
> a flow. Yes, there is an impact from encryption via TLS as most of the 
> implementations of ALG get information regarding supporting protocols 
> by parsing data. With TLS encryption, the ALG loses the ability to 
> parse, and hence to get information on the supporting protocols.
> 
> 
> Kathleen wrote:
> What is used by ALG to correlate streams?  This would be helpful to 
> understand if this particular method for ALGs does become 'useless'
> and also to figure out if other options may exist to perform the 
> functions needed.
> 
> [Badri] RFC 2663, Section 2.9 gives information about ALG. There isn’t 
> one defined method to implement it and some of the methods used by 
> vendors are included below.
> 
> 1. Parse the content of the primary stream and identify the 5-tuple 
> of the supporting streams as it is being negotiated.
> 
> 2. Intercept and modify the 5-tuple information of the supporting 
> stream as it is being negotiated on the primary stream. This is a 
> little more intrusive in nature.
> 
> 
[ACM]
After Src&Dst Address and Port, what is the 5th Element of the 5-tuple in your experience?

Protocol number and Packet Priority Marking (DSCP) are two candidates...

let us know, thanks!
Al

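The ALG behaviour discussed in this thread (method 1: parse the primary stream to learn the 5-tuple of a supporting stream, and lose that ability once the payload is TLS-encrypted), as an added example that is not part of this mailing-list exchange: a flow table keyed on the 5-tuple with the IP protocol number as the fifth element, plus an FTP-style ALG that parses the RFC 959 PORT command on the control channel. The FiveTuple/FlowTable names, the sample addresses and the opaque "encrypted" bytes are constructed for this example.

```python
# Added example, not code from the thread: 5-tuple flow table plus an FTP-style ALG
# that derives the supporting (data) flow from the plaintext control channel.
import re
from dataclasses import dataclass
from typing import Optional, Set

# IANA IP protocol numbers: the 5th element of the 5-tuple is the protocol number.
TCP, UDP = 6, 17


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int  # IP protocol number (6 = TCP, 17 = UDP)


# RFC 959 PORT command: "PORT h1,h2,h3,h4,p1,p2" (IPv4 octets, then port = p1*256 + p2).
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")


def expected_data_flow(control: FiveTuple, payload: bytes) -> Optional[FiveTuple]:
    """ALG method 1 from the thread: parse the primary (control) stream and return the
    5-tuple of the supporting (data) stream. Returns None when nothing parsable is seen,
    which is what happens once the control channel is TLS-encrypted."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        return None  # malformed PORT argument: never open a pinhole on garbage
    client_ip = f"{h1}.{h2}.{h3}.{h4}"
    client_port = p1 * 256 + p2
    # Active-mode FTP: the server connects from port 20 back to the announced address.
    return FiveTuple(src_ip=control.dst_ip, dst_ip=client_ip,
                     src_port=20, dst_port=client_port, protocol=TCP)


class FlowTable:
    """Pinholes are the supporting flows an ALG has pre-approved from the control stream."""

    def __init__(self) -> None:
        self.pinholes: Set[FiveTuple] = set()

    def observe_control(self, flow: FiveTuple, payload: bytes) -> bool:
        data = expected_data_flow(flow, payload)
        if data is None:
            return False  # encrypted or unparsable: ALG learns nothing, no pinhole
        self.pinholes.add(data)
        return True

    def permits(self, flow: FiveTuple) -> bool:
        return flow in self.pinholes
```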
