-rw-r--r-- internet-draft-satp.html 16
-rw-r--r-- internet-draft-satp.txt 62
-rw-r--r-- internet-draft-satp.xml 4
3 files changed, 41 insertions, 41 deletions
diff --git a/internet-draft-satp.html b/internet-draft-satp.html
index e9f756a..4908a8c 100644
--- a/internet-draft-satp.html
+++ b/internet-draft-satp.html
@@ -179,14 +179,14 @@ Copyright &copy; The IETF Trust (2007).</p>
<h3>Abstract</h3>
-<p>The secure anycast tunneling protocol (satp) defines a protocol used for communication between any combination of unicast and anycast tunnel endpoints. It has less protocol overhead than IPSec in Tunnel mode and allows tunneling of every ETHER TYPE protocol (e.g. ethernet, ip, arp ...). satp directly includes cryptography and message authentication based on the methodes used by SRTP. It is intended to deliver a generic, scaleable and secure solution for tunneling and relaying of packets of any protocol.
+<p>The secure anycast tunneling protocol (satp) defines a protocol used for communication between any combination of unicast and anycast tunnel endpoints. It allows tunneling of every ETHER TYPE protocol (e.g. ethernet, ip, arp ...). SATP directly includes cryptography and message authentication based on the methodes used by SRTP. It is intended to deliver a generic, scaleable and secure solution for tunneling and relaying of packets of any protocol.
</p>
<a name="anchor1"></a><br /><hr />
<a name="rfc.section.1"></a><h3>1.&nbsp;
Introduction</h3>
-<p>SATP is somehow a mixture of an generic encapsulation protocol as <a class='info' href='#RFC2784'>GRE<span> (</span><span class='info'>Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. Traina, &ldquo;Generic Routing Encapsulation (GRE),&rdquo; March&nbsp;2000.</span><span>)</span></a> [1] and a secure tunneling protocol as <a class='info' href='#RFC2401'>IPsec<span> (</span><span class='info'>Kent, S. and R. Atkinson, &ldquo;Security Architecture for the Internet Protocol,&rdquo; November&nbsp;1998.</span><span>)</span></a> [2] in tunnel mode. To save some header overhead it uses the encryption technices of <a class='info' href='#RFC3711'>SRTP<span> (</span><span class='info'>Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, &ldquo;The Secure Real-time Transport Protocol (SRTP),&rdquo; March&nbsp;2004.</span><span>)</span></a> [3]. It supports peer to peer tunnels, where tunnel endpoints CAN be any combination of unicast, multicast or anycast hosts, so it defines a <a class='info' href='#RFC1546'>Host Anycast Service<span> (</span><span class='info'>Partridge, C., Mendez, T., and W. Milliken, &ldquo;Host Anycasting Service,&rdquo; November&nbsp;1993.</span><span>)</span></a> [4]
+<p>SATP is somehow a mixture of an generic encapsulation protocol as <a class='info' href='#RFC2784'>GRE<span> (</span><span class='info'>Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. Traina, &ldquo;Generic Routing Encapsulation (GRE),&rdquo; March&nbsp;2000.</span><span>)</span></a> [1] and a secure tunneling protocol as <a class='info' href='#RFC2401'>IPsec<span> (</span><span class='info'>Kent, S. and R. Atkinson, &ldquo;Security Architecture for the Internet Protocol,&rdquo; November&nbsp;1998.</span><span>)</span></a> [2] in tunnel mode. To save some header overhead it uses the encryption technices of <a class='info' href='#RFC3711'>SRTP<span> (</span><span class='info'>Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, &ldquo;The Secure Real-time Transport Protocol (SRTP),&rdquo; March&nbsp;2004.</span><span>)</span></a> [3]. It supports peer to peer tunnels, where tunnel endpoints can be any combination of unicast, multicast or anycast hosts, so it defines a <a class='info' href='#RFC1546'>Host Anycast Service<span> (</span><span class='info'>Partridge, C., Mendez, T., and W. Milliken, &ldquo;Host Anycasting Service,&rdquo; November&nbsp;1993.</span><span>)</span></a> [4]
</p>
<a name="anchor2"></a><br /><hr />
<a name="rfc.section.2"></a><h3>2.&nbsp;
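Review bot: In the Introduction paragraph, "To save some header overhead it uses the encryption technices of SRTP" still makes an overhead argument even though the abstract no longer claims less overhead than IPSec; either say what the saving is relative to or reword it to match the abstract. The abstract's first sentence also keeps "(satp)" in lower case while its third sentence now uses "SATP".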
@@ -217,7 +217,7 @@ tunneling from unicast hosts over anycast routers to other unicast hosts</h3>
endpoint | using SATP | endpoint | using SATP | endpoint
</pre></div><table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Figure&nbsp;1&nbsp;</b></font><br /></td></tr></table><hr class="insert" />
-<p>In this scenario the payload of a SATP packet is transmitted from one unicast host to one of the anycast routers. This router makes a routing descision based on the underlying protocol and transmits a new SATP package to one or more unicast hosts depending on the routing descition.
+<p>In this scenario the payload gets encapsuleted into a SATP packet by a unicast host and gets transmitted to one of the anycast routers. It than gets decapsulated by the router. This router makes a routing descision based on the underlying protocol and transmits a new SATP package to one or more unicast hosts depending on the routing descition.
</p>
<a name="anchor5"></a><br /><hr />
<a name="rfc.section.2.1.2"></a><h3>2.1.2.&nbsp;
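Review bot: The added sentence "It than gets decapsulated by the router" should read "then", and "encapsuleted" should be "encapsulated"; the paragraph also mixes "packet" and "package" and spells "descision" and "descition" two different ways. Since the router decapsulates the payload and then transmits a new SATP packet, it would help to state explicitly that protection in this scenario is per tunnel hop and the anycast router handles the payload itself, rather than end to end between the unicast hosts.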
@@ -266,7 +266,7 @@ redundant tunnel connection of 2 networks</h3>
</pre></div><table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Figure&nbsp;3&nbsp;</b></font><br /></td></tr></table><hr class="insert" />
-<p>Network A has multible routers, that act as gateway/tunnel endpoint to another network B. This is done to build e redundant encrpted tunnel connection between the to networks. All tunnel endpoints of network A share the same anycast address and all tunnel endpoints of network B share another anycast address.
+<p>Network A has multible routers, that act as gateway/tunnel endpoint to another network B. This is done to build a redundant encrpted tunnel connection between the two networks. All tunnel endpoints of network A share the same anycast address and all tunnel endpoints of network B share another anycast address. When a packet from network a gets transmitted to network B, it first arrives on one of networks A border routers. Which router is used is determined by network A's internal routing. This router encapsulates the package and sends it to the anycast address of the network B routers. The SATP packet arrives at one of network B's routers and gets decapsulated and routed to it's destination within network B.
</p>
<a name="anchor7"></a><br /><hr />
<a name="rfc.section.2.2"></a><h3>2.2.&nbsp;
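Review bot: The new text in the Figure 3 paragraph has "network a" in lower case, "networks A border routers" without the apostrophe and "it's destination" where "its" is meant, and it says "package" where the surrounding text says "packet". Because the SATP packet can arrive at any one of network B's routers and is decapsulated there, the paragraph should also say whether all endpoints sharing an anycast address are expected to hold the same keying material, or point to the section that covers this.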
@@ -436,17 +436,17 @@ The appan</h3>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">Othmar Gsenger</td></tr>
<tr><td class="author-text">&nbsp;</td>
-<td class="author-text">Sporgasse 6</td></tr>
+<td class="author-text">Puerstingerstr 32/7</td></tr>
<tr><td class="author-text">&nbsp;</td>
-<td class="author-text">Graz 8010</td></tr>
+<td class="author-text">Saalfelden 5760</td></tr>
<tr><td class="author-text">&nbsp;</td>
<td class="author-text">AT</td></tr>
<tr><td class="author" align="right">Phone:&nbsp;</td>
<td class="author-text"></td></tr>
<tr><td class="author" align="right">Email:&nbsp;</td>
-<td class="author-text"><a href="mailto:otti@wirdorange.org">otti@wirdorange.org</a></td></tr>
+<td class="author-text"><a href="mailto:satp@gsenger.com">satp@gsenger.com</a></td></tr>
<tr><td class="author" align="right">URI:&nbsp;</td>
-<td class="author-text"><a href="http://anytun.org/">http://anytun.org/</a></td></tr>
+<td class="author-text"><a href="http://www.gsenger.com/satp/">http://www.gsenger.com/satp/</a></td></tr>
</table>
<a name="rfc.copyright"></a><br /><hr />
<h3>Full Copyright Statement</h3>
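Review bot: The URI row moves from http://anytun.org/ to http://www.gsenger.com/satp/, but the UDP paragraph in internet-draft-satp.txt still reads "neigther by UDP nor anytun"; decide whether the draft should name the implementation there or say SATP. The empty Phone row is carried along unchanged and could be dropped.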
diff --git a/internet-draft-satp.txt b/internet-draft-satp.txt
index eda4f18..5bc08ab 100644
--- a/internet-draft-satp.txt
+++ b/internet-draft-satp.txt
@@ -61,10 +61,9 @@ Abstract
The secure anycast tunneling protocol (satp) defines a protocol used
for communication between any combination of unicast and anycast
- tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
- mode and allows tunneling of every ETHER TYPE protocol (e.g.
- ethernet, ip, arp ...). satp directly includes cryptography and
- message authentication based on the methodes used by SRTP. It is
+ tunnel endpoints. It allows tunneling of every ETHER TYPE protocol
+ (e.g. ethernet, ip, arp ...). SATP directly includes cryptography
+ and message authentication based on the methodes used by SRTP. It is
intended to deliver a generic, scaleable and secure solution for
tunneling and relaying of packets of any protocol.
@@ -108,6 +107,7 @@ Abstract
+
Gsenger Expires September 2, 2007 [Page 2]
Internet-Draft secure anycast tunneling protocol (satp) March 2007
@@ -118,7 +118,7 @@ Internet-Draft secure anycast tunneling protocol (satp) March 2007
SATP is somehow a mixture of an generic encapsulation protocol as GRE
[1] and a secure tunneling protocol as IPsec [2] in tunnel mode. To
save some header overhead it uses the encryption technices of SRTP
- [3]. It supports peer to peer tunnels, where tunnel endpoints CAN be
+ [3]. It supports peer to peer tunnels, where tunnel endpoints can be
any combination of unicast, multicast or anycast hosts, so it defines
a Host Anycast Service [4]
@@ -199,12 +199,12 @@ Internet-Draft secure anycast tunneling protocol (satp) March 2007
Figure 1
- In this scenario the payload of a SATP packet is transmitted from one
- unicast host to one of the anycast routers. This router makes a
- routing descision based on the underlying protocol and transmits a
- new SATP package to one or more unicast hosts depending on the
- routing descition.
-
+ In this scenario the payload gets encapsuleted into a SATP packet by
+ a unicast host and gets transmitted to one of the anycast routers.
+ It than gets decapsulated by the router. This router makes a routing
+ descision based on the underlying protocol and transmits a new SATP
+ package to one or more unicast hosts depending on the routing
+ descition.
@@ -268,11 +268,11 @@ Internet-Draft secure anycast tunneling protocol (satp) March 2007
Figure 3
Network A has multible routers, that act as gateway/tunnel endpoint
- to another network B. This is done to build e redundant encrpted
- tunnel connection between the to networks. All tunnel endpoints of
+ to another network B. This is done to build a redundant encrpted
+ tunnel connection between the two networks. All tunnel endpoints of
network A share the same anycast address and all tunnel endpoints of
- network B share another anycast address.
-
+ network B share another anycast address. When a packet from network
+ a gets transmitted to network B, it first arrives on one of networks
@@ -281,6 +281,12 @@ Gsenger Expires September 2, 2007 [Page 5]
Internet-Draft secure anycast tunneling protocol (satp) March 2007
+ A border routers. Which router is used is determined by network A's
+ internal routing. This router encapsulates the package and sends it
+ to the anycast address of the network B routers. The SATP packet
+ arrives at one of network B's routers and gets decapsulated and
+ routed to it's destination within network B.
+
2.2. Encapsulation
SATP does not depend an which lower layer protocols is used, but it's
@@ -323,12 +329,6 @@ Internet-Draft secure anycast tunneling protocol (satp) March 2007
Tunneling of IPv6 over IPv4 with RTP payload
- Figure 4
-
- When using UDP no flow controll or retransmission is done, neigther
- by UDP nor anytun. The encapsulated protocol HAS TO take care of
- this tasks if needed. UDP however has a checksum of the complete udp
- datagram, so a packet gets discarded if there is a biterror in the
@@ -337,6 +337,12 @@ Gsenger Expires September 2, 2007 [Page 6]
Internet-Draft secure anycast tunneling protocol (satp) March 2007
+ Figure 4
+
+ When using UDP no flow controll or retransmission is done, neigther
+ by UDP nor anytun. The encapsulated protocol HAS TO take care of
+ this tasks if needed. UDP however has a checksum of the complete udp
+ datagram, so a packet gets discarded if there is a biterror in the
payload
2.3. Fragmentation
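Review bot: While the Figure 4 paragraph is being moved across the page break, "HAS TO" should become "MUST" if a requirement is intended, since "HAS TO" is not an RFC 2119 keyword; "controll", "neigther", "this tasks" and "biterror" also need fixing. The sentence that UDP "has a checksum of the complete udp datagram" should not stand as the integrity argument for the tunnel: the UDP checksum is optional over IPv4, which is the outer protocol in this figure, so the text should point to SATP's own message authentication instead.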
@@ -382,12 +388,6 @@ Internet-Draft secure anycast tunneling protocol (satp) March 2007
-
-
-
-
-
-
Gsenger Expires September 2, 2007 [Page 7]
Internet-Draft secure anycast tunneling protocol (satp) March 2007
@@ -620,13 +620,13 @@ Internet-Draft secure anycast tunneling protocol (satp) March 2007
Author's Address
Othmar Gsenger
- Sporgasse 6
- Graz 8010
+ Puerstingerstr 32/7
+ Saalfelden 5760
AT
Phone:
- Email: otti@wirdorange.org
- URI: http://anytun.org/
+ Email: satp@gsenger.com
+ URI: http://www.gsenger.com/satp/
diff --git a/internet-draft-satp.xml b/internet-draft-satp.xml
index 6c80339..a66377d 100644
--- a/internet-draft-satp.xml
+++ b/internet-draft-satp.xml
@@ -41,13 +41,13 @@
<keyword>secure</keyword>
<keyword>protocol</keyword>
<abstract>
- <t>The secure anycast tunneling protocol (satp) defines a protocol used for communication between any combination of unicast and anycast tunnel endpoints. It has less protocol overhead than IPSec in Tunnel mode and allows tunneling of every ETHER TYPE protocol (e.g. ethernet, ip, arp ...). satp directly includes cryptography and message authentication based on the methodes used by SRTP. It is intended to deliver a generic, scaleable and secure solution for tunneling and relaying of packets of any protocol.
+ <t>The secure anycast tunneling protocol (satp) defines a protocol used for communication between any combination of unicast and anycast tunnel endpoints. It allows tunneling of every ETHER TYPE protocol (e.g. ethernet, ip, arp ...). SATP directly includes cryptography and message authentication based on the methodes used by SRTP. It is intended to deliver a generic, scaleable and secure solution for tunneling and relaying of packets of any protocol.
</t>
</abstract>
</front>
<middle>
<section title='Introduction'>
- <t>SATP is somehow a mixture of an generic encapsulation protocol as <xref target="RFC2784">GRE</xref> and a secure tunneling protocol as <xref target="RFC2401">IPsec</xref> in tunnel mode. To save some header overhead it uses the encryption technices of <xref target="RFC3711">SRTP</xref>. It supports peer to peer tunnels, where tunnel endpoints CAN be any combination of unicast, multicast or anycast hosts, so it defines a <xref target="RFC1546">Host Anycast Service</xref></t>
+ <t>SATP is somehow a mixture of an generic encapsulation protocol as <xref target="RFC2784">GRE</xref> and a secure tunneling protocol as <xref target="RFC2401">IPsec</xref> in tunnel mode. To save some header overhead it uses the encryption technices of <xref target="RFC3711">SRTP</xref>. It supports peer to peer tunnels, where tunnel endpoints can be any combination of unicast, multicast or anycast hosts, so it defines a <xref target="RFC1546">Host Anycast Service</xref></t>
</section>
<section title="Motivation and usage scenarios">
<t>This section gives an overview of possible usage scenarios. Please note, that the protocols used in the figures are only examples and that SATP itself does not care about either transport protocols or encapsulated protocols. Routing is not done by SATP and each implemetation MAY choose it's own way of doing this task (e.g. using functions provided by the operating system). SATP is used only to encapsulate and encrypt data.</t>
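Review bot: Both changed <t> elements keep spelling errors that show up again in the .html and .txt hunks: "methodes", "scaleable", "technices" and "an generic"; fixing them here in the same commit keeps the three files consistent. The unchanged line that follows also has "implemetation" and "it's own way", where "its" is meant.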