Quality of Service (QoS) Signaling in a Nested Virtual Private Network
RFC 4923
Document Type RFC - Informational (August 2007; No errata)
Authors Pratik Bose  , Fred Baker 
Last updated 2015-10-14
Replaces draft-baker-tsvwg-vpn-signaled-preemption
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
SECDIR Early Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4923 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Magnus Westerlund
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                           F. Baker
Request for Comments: 4923                                 Cisco Systems
Category: Informational                                          P. Bose
                                                         Lockheed Martin
                                                             August 2007

 Quality of Service (QoS) Signaling in a Nested Virtual Private Network

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   Some networks require communication between an interior and exterior
   portion of a Virtual Private Network (VPN) or through a concatenation
   of such networks resulting in a nested VPN, but have sensitivities
   about what information is communicated across the boundary,
   especially while providing quality of service to communications with
   different precedence.  This note seeks to outline the issues and the
   nature of the proposed solutions based on the framework for
   Integrated Services operation over Diffserv networks as described in
   RFC 2998.

Baker & Bose                 Informational                      [Page 1]
RFC 4923                  QoS in a Nested VPN                August 2007

Table of Contents

   1. Introduction ....................................................3
      1.1. Problem Statement ..........................................3
      1.2. Background Information and Terminology .....................4
      1.3. Nested VPNs ................................................5
      1.4. Signaled QoS Technology ....................................7
      1.5. The Resource Reservation Protocol (RSVP) ...................9
      1.6. Logical Structure of a VPN Router .........................10
   2. Reservation and Preemption in a Nested VPN .....................13
      2.1. Reservation in a Nested VPN ...............................14
      2.2. Preemption in a Nested VPN ................................16
      2.3. Working through an Example ................................17
           2.3.1. Initial Routine Reservations - Generating
                  Network State ......................................18
           2.3.2. Initial Routine Reservations - Request
                  Reservation ........................................19
           2.3.3. Installation of a Reservation Using Precedence .....20
           2.3.4. Installation of a Reservation Using Preemption .....21
   3. Data Flows within a VPN Router .................................24
      3.1. VPN Routers That Carry Data across the
           Cryptographic Boundary ....................................24
           3.1.1. Plaintext to Ciphertext Data Flows .................24
           3.1.2. Ciphertext to Plaintext Data Flows .................27
      3.2. VPN Routers That Use the Network Guard for
           Signaling across the Cryptographic Boundary ...............28
           3.2.1. Signaling Flow .....................................29
           3.2.2. Use Case with Network Guard ........................30
   4. Security Considerations ........................................33
   5. Acknowledgements ...............................................34
   6. References .....................................................34
      6.1. Normative References ......................................34
      6.2. Informative References ....................................35

Baker & Bose                 Informational                      [Page 2]
RFC 4923                  QoS in a Nested VPN                August 2007

1.  Introduction

1.1.  Problem Statement

   More and more networks wish to guarantee secure transmission of IP
   traffic across public LANs or WANs and therefore use Virtual Private
   Networks.  Some networks require communication between an interior
   and exterior portion of a VPN or through a concatenation of such
   networks resulting in a nested VPN, but have sensitivities about what
   information is communicated across the boundary, especially while
   providing quality of service to communications with different
   precedence.  This note seeks to outline the issues and the nature of
   the proposed solutions.  The outline of the QoS solution for real-
   time traffic has been described at a high level in [RFC4542].  The
   key characteristics of this proposal are that

   o  it uses standardized protocols,

   o  it includes reservation setup and teardown for guaranteed and
      controlled load services using the standardized protocols,

   o  it is independent of link delay, and therefore consistent with
      high delay*bandwidth networks as well as the more common variety,

   o  it has no single point of failure, such as a central reservation
      manager,
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools