Al,
In my experience, protocol has been the 5th tuple along with Source and
Destination IP address and ports.
Thanks,
Badri
-----Original Message-----
From: MORTON, ALFRED C (AL) [mailto:acmorton(_at_)att(_dot_)com]
Sent: Tuesday, March 14, 2017 5:01 PM
To: Badri Subramanyan <Badri(_dot_)Subramanyan(_at_)ril(_dot_)com>;
kathleen(_dot_)moriarty(_dot_)ietf(_at_)gmail(_dot_)com;
saag(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Cc: stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie
Subject: RE: Last call feedback: draft-mm-wg-effect-encrypt
Hi Badri,
one follow-up question below:
-----Original Message-----
From: Badri(_dot_)Subramanyan(_at_)ril(_dot_)com
[mailto:Badri(_dot_)Subramanyan(_at_)ril(_dot_)com]
Sent: Friday, March 10, 2017 2:35 AM
<snip>
If the streams are encrypted, then the ALG feature would be rendered
useless. This would limit the capability of any network element to
make smart policing and routing decisions based on application layer
attributes.
Kathleen wrote:
Do you know if these can work with a 2-tuple or 5-tuple? Is there an
impact from encryption via TLS for instance? If so, what is that
impact?
[Badri] The rules in most of the cases are 5-tuple to accurately depict
a flow. Yes, there is an impact from encryption via TLS as most of the
implementations of ALG get information regarding supporting protocols
by parsing data. With TLS encryption, the ALG loses the ability to
parse, hence get information on the supporting protocols.
Kathleen wrote:
What is used by ALG to correlate streams? This would be helpful to
understand if this particular method for ALGs does become 'useless'
and also to figure out if other options may exist to perform the
functions needed.
[Badri] RFC 2663, Section 2.9 gives information about ALG. There isn’t
one defined method to implement it and some of the methods used by
vendors are included below.
1. Parse the content of the primary stream and identify the 5-tuple
of the supporting streams as it is being negotiated.
2. Intercept and modify the 5-tuple information of the supporting
stream as it is being negotiated on the primary stream. This is a
little more intrusive in nature.
[ACM]
After Src&Dst Address and Port, what is the 5th Element of the 5-tuple in your
experience?
Protocol number and Packet Priority Marking (DSCP) are two candidates...
let us know, thanks!
Al
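The first ALG method in Badri's list (parse the primary stream to learn the 5-tuple of the supporting stream), as an added example that is not part of this thread. It assumes FTP's PORT command as the control-channel protocol (the FTP ALG of RFC 2663, which the thread does not name) and uses the IP protocol number as the fifth tuple element, as in Badri's reply; the control-flow tuple and both sample payloads are constructed inline.

```python
import re
from dataclasses import dataclass
from typing import Optional

IPPROTO_TCP = 6  # protocol number: the 5th element of the 5-tuple

@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int

# Active-mode FTP "PORT h1,h2,h3,h4,p1,p2" (RFC 959), sent on the control channel.
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")

def alg_expected_data_flow(control: FiveTuple, payload: bytes) -> Optional[FiveTuple]:
    """ALG method 1: inspect the primary (control) stream and derive the
    5-tuple of the supporting (data) stream being negotiated. Returns None
    when the payload cannot be parsed, which is the situation once the control
    channel is carried inside TLS and only opaque records are visible."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(v > 255 for v in fields):  # each PORT field is a single octet
        return None
    data_ip = ".".join(str(v) for v in fields[:4])
    data_port = fields[4] * 256 + fields[5]
    # Active FTP: the server opens the data connection from port 20
    # towards the address/port the client announced.
    return FiveTuple(control.dst_ip, data_ip, 20, data_port, IPPROTO_TCP)

# Constructed sample: client 192.0.2.10 -> FTP server 198.51.100.5 (control, port 21).
CONTROL = FiveTuple("192.0.2.10", "198.51.100.5", 40001, 21, IPPROTO_TCP)
CLEARTEXT_PORT = b"PORT 192,0,2,10,160,2\r\n"          # 160*256 + 2 = 40962
# Constructed TLS application-data record header (0x17, TLS 1.2 version bytes,
# length) followed by opaque ciphertext: the same PORT command, now unreadable.
TLS_RECORD = b"\x17\x03\x03\x00\x18" + bytes(range(0x40, 0x58))

def demo() -> tuple:
    """Cleartext control channel yields the data-flow 5-tuple; TLS yields None."""
    return alg_expected_data_flow(CONTROL, CLEARTEXT_PORT), alg_expected_data_flow(CONTROL, TLS_RECORD)

if __name__ == "__main__":
    print(demo())
```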