Skip to main content

Network Performance Measurement for IPsec

Document Type Replaced Internet-Draft (individual)
Authors Yang Cui , Emily Bi , Kostas Pentikousis
Last updated 2013-08-29 (Latest revision 2013-02-25)
Replaced by draft-ietf-ippm-ipsec, draft-ietf-ippm-ipsec, draft-ietf-ippm-ipsec, RFC 7717
Stream (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-ippm-ipsec, draft-ietf-ippm-ipsec
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


IPsec is a mature technology with several interoperable implementations. Indeed, the use of IPsec tunnels is increasingly gaining popularity in several deployment scenarios, not the least in what used to be solely areas of traditional telecommunication protocols. Wider deployment calls for mechanisms and methods that enable tunnel end-users, as well as operators, to measure one-way and two-way network performance. Unfortunately, however, standard IP performance measurement security mechanisms cannot be readily used with IPsec. This document makes the case for employing IPsec to protect O/TWAMP and proposes a method which combines IKEv2 and O/TWAMP as defined in RFC 4656 and RFC 5357, respectively. This specification aims, on the one hand, to ensure that O/TWAMP can be secured, while on the other hand, it extends the applicability of O/TWAMP to networks that have already deployed IPsec.


Yang Cui
Emily Bi
Kostas Pentikousis

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)