RSVP over IPsec Tunnel Mode Using RFC 3175

摘要

Today, there is no effective solution for End-to-End (E2E) Resource reSerVation Protocol (RSVP) over Internet Protocol Security (Ipsec) tunnel mode or Virtual Private Network (VPN) environment. Currently, the interior routers supporting tunnels cannot respond to the encapsulated E2E RSVP messages and data. In this paper, we address the problem by providing a capability to support E2E RSVP over IPsec using the IETF RFC 3175 specifications. The RFC 3175-^s"Aggregation of RSVP for IPv4 and IPv6 Reservations," is an IETF proposal for improving the scalability of RSVP, however, it does not address its implementation over IPsec (or VPN) environments. We propose Aggregate RSVP (A-RSVP) sessions between the routers to reserve the interior resources on behalf of the E2E RSVP sessions. The A-RSVP sessions are transmitted plain-text (PT) between enclaves and use the global DiffServ Code Point (DSCP) and tunnel exit point address as the RSVP session identifier. The encapsulated data is classified and scheduled by the interior network based on DiffServ's global DSCP marking and the corresponding Per Hop Behaviors. The primary contribution of this design over RFC 3175 is to waive the requirement for protocol identifier modification (RSVP-E2E-IGNORE) and to identify a framework for implementing the capability over a tunnel-specific environment with multiple security enclaves. An alternative for multicast support is also proposed. The original proposal in RFC 3175 has the interior network depending on exterior multicast addresses to identify destination de-aggregators. We propose that portions of the multicast E2E path be aggregated together with unicast E2E RSVP sessions into the (unicast) A-RSVP sessions. The A-RSVP session will aggregate unicast and multicast RSVP sessions with similar service requirements.