Network Performance Measurement for IPsec

Document Type Replaced Internet-Draft (individual)
Last updated 2013-08-29 (latest revision 2013-02-25)
Replaced by RFC 7717
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-ippm-ipsec
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


IPsec is a mature technology with several interoperable implementations. Indeed, the use of IPsec tunnels is increasingly gaining popularity in several deployment scenarios, not the least in what used to be solely areas of traditional telecommunication protocols. Wider deployment calls for mechanisms and methods that enable tunnel end-users, as well as operators, to measure one-way and two-way network performance. Unfortunately, however, standard IP performance measurement security mechanisms cannot be readily used with IPsec. This document makes the case for employing IPsec to protect O/TWAMP and proposes a method which combines IKEv2 and O/TWAMP as defined in RFC 4656 and RFC 5357, respectively. This specification aims, on the one hand, to ensure that O/TWAMP can be secured, while on the other hand, it extends the applicability of O/TWAMP to networks that have already deployed IPsec.


Yang Cui (
Emily Bi (
Kostas Pentikousis (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)