Re: IPSEC and MPLS priority for 2.6?

["James R. Leu" <jleu@mindspring.com>]

On Thu, Dec 18, 2003 at 09:36:15AM +0200, Pekka Savola wrote:
> Hi,
> 
> Andrew characterized (or Dave) did the lack of MPLS support as a huge 
> issue for serious IPSEC usage in:
> 
> ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/must-fix/should-fix-7.txt
> [see below]
> 
> .. I don't agree.  MPLS is only needed for IPsec VPNs in the case that 
> Linux is being used as an MPLS router, like as Provider Edge device.  
> I think it's safe to say this is close to a marginal application of 
> Linux.  I don't think this is Priority 1 ("we're totally lame if we 
> don't do it") thing -- at least from the IPsec perspective.  I'd 
> suggest pushing it down in the priority list.

I would agree that MPLS is _not_ "a huge issue for serious IPSEC usage".

> But of course, if a rewrite is already almost done, I have no 
> objections to merging it.  I'd just like to point out that IMHO MPLS 
> is _not_ one of our "core" technologies to worry about :-).

Dave's work has been passed off to jamal.  Jamal, myself, and Ramon Casellas
are working at combining/cleaning up the existing "crappy" implementation
(which is the very technical term davem used to describe my implementation).
None the less work is progressing.

> (Btw, there's a lot of claimed IPR on MPLS technologies, not sure if 
> that's a problem or not.)

Up till now there has not been any issues.  Most of the IPR claims state
that the holder will grant "a non-exclusive license under reasonable and
non-discriminatory terms and conditions".

To be on the safe side, I will contact the parties that feel they have IPR
related to the areas of MPLS that pertain to our implementation.  I'll use
the IETF's 'Page of Intellectual Property Rights Notices' as my source for
IPR claims pertaining to MPLS unless someone else can point out an
alternative location to look.

--
James R. Leu
jleu@mindspring.com


> ****** snip *******
> 
> net/
> ~~~
> 
>   (davem)
> 
> o Real serious use of IPSEC is hampered by lack of MPLS support.  MPLS is a
>   switching technology that works by switching based upon fixed length labels
>   prepended to packets.  Many people use this and IPSEC to implement VPNs
>   over public networks, it is also used for things like traffic engineering.
> 
>   A good reference site is:
> 
> 	http://www.mplsrc.com/
> 
>   Anyways, an existing (crappy) implementation exists.  I've almost
>   completed a rewrite, I should have something in the tree next week.
> 
>   PRI1
> 
> 
> 
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>