
multi technology packet classification



Howdy,

	I have remarked on this list before that I think a gateway should only
do packet classification once and then proceed to do whatever list of
actions it needs to (IPsec, QoS/DiffServ, NAT, StatefulFirewall...). I
said this because current trends in the IETF have IPsec and QOS
developing their own independent packet classification systems for use
with matching packets to their own particular actions.

	Now in thinking further about the problem of building a
grand-unified-packet classification model (which would take just too
much banter to make it ever happen) I've struck upon a simpler notion.

	CIM could define (maybe they have, I don't read much Policy draft
stuff) a generalized PolicyRule that contains a packetClassifyingCondition
matched to a list of actions. Maybe CIM could provide just a few simple
packet classifiers but most importantly should provide the hooks in the
model for particular technologies to derive further and more
particular packetClassifyingConditions (and please, I don't mean to
start any terminology wars. I'm sure there are 'right' words for the
concepts I am talking about here, just fill them in). That way, when a
packet gets classified, it won't automatically be captured into an
IPsec action only or a QOS action only because the PolicyRule which held
the condition where the packet was matched now associates an action list
with the condition.


-- 
  Ricky Charlet   : Redcreek Communications   : usa (510) 795-6903
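
A sketch of the model proposed in the message above, as an added example that is not part of the original post or of any CIM schema: one generic classifying condition that technologies subclass, and a PolicyRule that binds a condition to an ordered action list so a packet is classified once. Every name except PolicyRule and PacketClassifyingCondition, the first-match semantics, the default drop, and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional

@dataclass(frozen=True)
class Packet:  # constructed, minimal header view
    src: str
    dst: str
    proto: int
    dport: int
    dscp: int = 0

class PacketClassifyingCondition:
    """Generic hook; each technology derives a more particular condition."""
    def matches(self, pkt: Packet) -> bool:
        raise NotImplementedError

@dataclass
class FiveTupleCondition(PacketClassifyingCondition):  # simple base classifier
    dst_net: str = "0.0.0.0/0"
    proto: Optional[int] = None
    dport: Optional[int] = None
    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.dst) in ip_network(self.dst_net)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

@dataclass
class DscpCondition(FiveTupleCondition):  # QoS-specific derivation
    dscp: int = 0
    def matches(self, pkt: Packet) -> bool:
        return super().matches(pkt) and pkt.dscp == self.dscp

@dataclass
class PolicyRule:
    condition: PacketClassifyingCondition
    actions: List[Callable[[Packet], str]]  # ordered, may span technologies

def process(rules: List[PolicyRule], pkt: Packet) -> List[str]:
    """Classify once (first match wins), then run that rule's whole action list."""
    for rule in rules:
        if rule.condition.matches(pkt):
            return [action(pkt) for action in rule.actions]
    return ["drop"]  # assumption: default-deny when no rule matches

def qos_expedite(pkt: Packet) -> str: return "qos:expedited-forwarding"
def ipsec_tunnel(pkt: Packet) -> str: return "ipsec:esp-tunnel"

RULES = [  # constructed sample policy; most specific rule first
    PolicyRule(DscpCondition("192.0.2.0/24", proto=17, dscp=46), [qos_expedite, ipsec_tunnel]),
    PolicyRule(FiveTupleCondition("192.0.2.0/24"), [ipsec_tunnel]),
]
```

The first rule shows the point of the proposal: a single match yields both the QoS and the IPsec action, instead of the packet being claimed by whichever subsystem classified it first.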