

RSVP Extensions for IPSEC Data Flows






RFC 2207               RSVP Extensions for IPSEC          September 1997


Table of Contents

   1   Introduction . . . . . . . . . . . . . . . . . . . . . . . 2
   2   Overview of Extensions . . . . . . . . . . . . . . . . . . 3
   3   Object Definition. . . . . . . . . . . . . . . . . . . . . 4
       3.1  SESSION Class . . . . . . . . . . . . . . . . . . . . 5
       3.2  FILTER_SPEC Class . . . . . . . . . . . . . . . . . . 5
       3.3  SENDER_TEMPLATE Class . . . . . . . . . . . . . . . . 6
   4   Processing Rules . . . . . . . . . . . . . . . . . . . . . 6
       4.1  Required Changes. . . . . . . . . . . . . . . . . . . 6
       4.2  Merging Flowspecs . . . . . . . . . . . . . . . . . . 7
       4.2.1  FF and SE Styles. . . . . . . . . . . . . . . . . . 7
       4.2.2  WF Styles . . . . . . . . . . . . . . . . . . . . . 8
   5   IANA Considerations. . . . . . . . . . . . . . . . . . . . 8
   6   Security Considerations. . . . . . . . . . . . . . . . . . 8
   7   References . . . . . . . . . . . . . . . . . . . . . . . .10
   8   Acknowledgments. . . . . . . . . . . . . . . . . . . . . .10
   9   Authors' Addresses . . . . . . . . . . . . . . . . . . . .10
   A   Options Considered . . . . . . . . . . . . . . . . . . . .11
       A.1  UDP Encapsulation . . . . . . . . . . . . . . . . . .11
       A.2  FlowID Header Encapsulation . . . . . . . . . . . . .12
       A.3  IPSEC Protocol Modification . . . . . . . . . . . . .12
       A.4  AH Transparency . . . . . . . . . . . . . . . . . . .13

1   Introduction

   Recently published Standards Track RFCs specify protocol mechanisms
   to provide IP level security.  These IP Security, or IPSEC, protocols
   support packet level authentication [RFC 1826], and integrity and
   confidentiality [RFC 1827].  A number of interoperable
   implementations already exist and several vendors have announced
   commercial products that will use these mechanisms.

   The IPSEC protocols provide service by adding a new header between a
   packet's IP header and the transport (e.g. UDP) protocol header.  The
   two security headers are the Authentication Header (AH), for
   authentication, and the Encapsulating Security Payload (ESP), for
   integrity and confidentiality.

   RSVP is being developed as a resource reservation (dynamic QoS setup)
   protocol.  RSVP as currently specified [RFC 2205] is tailored towards
   IP packets carrying protocols that have TCP or UDP-like ports.
   Protocols that do not have such UDP/TCP-like ports, such as the IPSEC
   protocols, can be supported, but only with limitations.
   Specifically, for flows of IPSEC data packets, flow definition can
   only be done on a per IP address, per protocol basis.
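
   The limitation described above, shown as an added example that is
   not part of RFC 2207: a classifier keyed on TCP/UDP-like ports is
   run over constructed packets, first in the clear and then under ESP.
   The helper names, addresses and port numbers are assumptions made
   for this illustration, and the ESP payload bytes are opaque
   placeholders.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51  # IANA protocol numbers

def ipv4_packet(src, dst, proto, payload):
    """Build a minimal IPv4 packet (constructed sample input; checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def udp_datagram(sport, dport, data=b"x"):
    """Build a UDP header plus data (constructed sample input; checksum left at 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def flow_key(packet):
    """Return the finest flow key a port-based classifier can derive from a packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length; IP options shift the payload
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if proto in (PROTO_TCP, PROTO_UDP):
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return (src, dst, proto, sport, dport)
    # AH, ESP and other port-less protocols: what follows the IP header is not a
    # pair of ports, so the key stops at address and protocol.
    return (src, dst, proto)

def count_flows(packets):
    """Number of distinct flows the classifier can tell apart."""
    return len({flow_key(p) for p in packets})

# Constructed sample traffic: two application flows between the same two hosts.
A, B = "192.0.2.1", "198.51.100.7"
CLEAR = [ipv4_packet(A, B, PROTO_UDP, udp_datagram(5004, 5004)),
         ipv4_packet(A, B, PROTO_UDP, udp_datagram(5006, 5006))]
# The same two flows under ESP; payload bytes are opaque placeholders.
PROTECTED = [ipv4_packet(A, B, PROTO_ESP, b"\x00" * 8 + b"opaque-1"),
             ipv4_packet(A, B, PROTO_ESP, b"\x00" * 8 + b"opaque-2")]

if __name__ == "__main__":
    print(count_flows(CLEAR), count_flows(PROTECTED))
```

   In the clear the two flows are distinguishable; under ESP both
   collapse into a single (source, destination, protocol) key.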





Berger & O'Malley           Standards Track