%% You should probably cite rfc7717 instead of this I-D. @techreport{ietf-ippm-ipsec-00, number = {draft-ietf-ippm-ipsec-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/00/}, author = {Kostas Pentikousis and Yang Cui and Emma Zhang}, title = {{Network Performance Measurement for IPsec}}, pagetotal = 15, year = 2013, month = jul, day = 5, abstract = {IPsec is a mature technology with several interoperable implementations. Indeed, the use of IPsec tunnels is increasingly gaining popularity in several deployment scenarios, not the least in what used to be solely areas of traditional telecommunication protocols. Wider deployment calls for mechanisms and methods that enable tunnel end-users, as well as operators, to measure one-way and two-way network performance. Unfortunately, however, standard IP performance measurement security mechanisms cannot be readily used with IPsec. This document makes the case for employing IPsec to protect the One-way and Two-Way Active Measurement Protocols (O/ TWAMP) and proposes a method which combines IKEv2 and O/TWAMP as defined in RFC 4656 and RFC 5357, respectively. This specification aims, on the one hand, to ensure that O/TWAMP can be secured with the best mechanisms we have at our disposal today while, on the other hand, it facilitates the applicability of O/TWAMP to networks that have already deployed IPsec.}, }