Quality of Service (QoS) Signaling in a Nested Virtual Private Network
RFC 4923

Network Working Group                                           F. Baker
Request for Comments: 4923                                 Cisco Systems
Category: Informational                                          P. Bose
                                                         Lockheed Martin
                                                             August 2007

 Quality of Service (QoS) Signaling in a Nested Virtual Private Network

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   Some networks require communication between an interior and exterior
   portion of a Virtual Private Network (VPN) or through a concatenation
   of such networks resulting in a nested VPN, but have sensitivities
   about what information is communicated across the boundary,
   especially while providing quality of service to communications with
   different precedence.  This note seeks to outline the issues and the
   nature of the proposed solutions based on the framework for
   Integrated Services operation over Diffserv networks as described in
   RFC 2998.

Baker & Bose                 Informational                      [Page 1]
RFC 4923                  QoS in a Nested VPN                August 2007

Table of Contents

   1. Introduction ....................................................3
      1.1. Problem Statement ..........................................3
      1.2. Background Information and Terminology .....................4
      1.3. Nested VPNs ................................................5
      1.4. Signaled QoS Technology ....................................7
      1.5. The Resource Reservation Protocol (RSVP) ...................9
      1.6. Logical Structure of a VPN Router .........................10
   2. Reservation and Preemption in a Nested VPN .....................13
      2.1. Reservation in a Nested VPN ...............................14
      2.2. Preemption in a Nested VPN ................................16
      2.3. Working through an Example ................................17
           2.3.1. Initial Routine Reservations - Generating
                  Network State ......................................18
           2.3.2. Initial Routine Reservations - Request
                  Reservation ........................................19
           2.3.3. Installation of a Reservation Using Precedence .....20
           2.3.4. Installation of a Reservation Using Preemption .....21
   3. Data Flows within a VPN Router .................................24
      3.1. VPN Routers That Carry Data across the
           Cryptographic Boundary ....................................24
           3.1.1. Plaintext to Ciphertext Data Flows .................24
           3.1.2. Ciphertext to Plaintext Data Flows .................27
      3.2. VPN Routers That Use the Network Guard for
           Signaling across the Cryptographic Boundary ...............28
           3.2.1. Signaling Flow .....................................29
           3.2.2. Use Case with Network Guard ........................30
   4. Security Considerations ........................................33
   5. Acknowledgements ...............................................34
   6. References .....................................................34
      6.1. Normative References ......................................34
      6.2. Informative References ....................................35

1.  Introduction

1.1.  Problem Statement

   More and more networks wish to guarantee secure transmission of IP
   traffic across public LANs or WANs and therefore use Virtual Private
   Networks.  Some networks require communication between an interior
   and exterior portion of a VPN or through a concatenation of such
   networks resulting in a nested VPN, but have sensitivities about what
   information is communicated across the boundary, especially while
   providing quality of service to communications with different
   precedence.  This note seeks to outline the issues and the nature of
   the proposed solutions.  The outline of the QoS solution for real-
   time traffic has been described at a high level in [RFC4542].  The
   key characteristics of this proposal are that

   o  it uses standardized protocols,

   o  it includes reservation setup and teardown for guaranteed and
      controlled load services using the standardized protocols,
