RE: is 1 Gbps a MUST?

["Elizabeth G. Rodriguez" <Elizabeth.G.Rodriguez@123mail.net>]

Hi all,

What John states below is accurate. 
In addition, even if we were to approve this mandate in the IPS WG
(which we are not), I do not believe that the IESG will allow the
specification to go forth if it is specified in the specification that
encryption MUST occur at a minimum of 1 Gbps.  There is no technically
valid reason to make this a requirement.  On the other hand, it is
entirely appropriate to indicate in the spec that the PROTOCOL itself
MUST be capable of supporting 1 Gbps.

Thanks,

Elizabeth
IPS Co-chair

-----Original Message-----
From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu] On Behalf Of
John Hufferd
Sent: Friday, February 22, 2002 1:59 PM
To: vince_cavanna@agilent.com
Cc: fred@cisco.com; ips@ece.cmu.edu; dave_sheehy@agilent.com;
vince_cavanna@agilent.com; pat_thaler@agilent.com
Subject: RE: is 1 Gbps a MUST?


Folks,
There will be folks that will operate on 100 Mb/s links and will use
iSCSI
with Encryption.  To say that they do not comply with the spec, for that
reason, is a bit silly.

Likewise, I believe there will be many desktops and laptops that will
support 10/100/1000 ethernet adapters and be thrilled with 300 Mb/s, it
is
also not reasonable to say that they can not claim compliance.

The spec is intended to say that the protocol must be capable of being
supported at 1 Giga bit per second.  I think most of us agree that it
is.

So to say that those folks that do not operate at gigabit speed are non
compliant is inappropriate.

.
.
.
John L. Hufferd
Senior Technical Staff Member (STSM)
IBM/SSG San Jose Ca
Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
Home Office (408) 997-6136, Cell: (408) 499-9702
Internet address: hufferd@us.ibm.com


vince_cavanna@agilent.com@ece.cmu.edu on 02/22/2002 10:54:15 AM

Sent by:    owner-ips@ece.cmu.edu


To:    fred@cisco.com
cc:    ips@ece.cmu.edu, dave_sheehy@agilent.com,
vince_cavanna@agilent.com,
       pat_thaler@agilent.com
Subject:    RE: is 1 Gbps a MUST?



Hi Fred,

|
|I won't respond to the wording of the draft, but to the sense
|that it must
|be intended to convey. If the wording doesn't convey this, it is the
|wording which must change.
|
|It seems to me that if the transfer of encrypted data at
|nominal link rates
|is expected, then encryption and decryption must be achieved
|at link rates.
|If 1 GBPS link rates are in view, guess what rates are
|important. If 10 GBPS...

Unfortunately some believe that they can be iSCSI compliant by having a
slow
implementation of IPSec and claiming that most traffic will not require
security processing. I am not one of those persons. I think that at
least
the policy check must occur at link speed regardless of what proportion
of
traffic requires security processing.

|
|It seems to me that the question is not whether or not you are
|mandated to
|implement IPSEC in software, but what you need to do to
|accomplish link
|speed encryption and decryption. Hardware and software are
|duals; you can
|implement the algorithm either way, and the trade-off is money
|vs speed.

I agree, and I did not mean to imply otherwise. I am trying to gather
opinions from this group on whether link speed encryption/decryption is
necessary, especially now that Bernad Aboba has clarified that the spec
does
not mandate it.

Vince