
IP compression header (IPcomp)

A good encryption algorithm produces ciphertext that is evenly distributed, which makes it difficult to compress. Data that is to be compressed must therefore be compressed before it is encrypted. The IPcomp header provides for this.

One of the problems of tunnel mode is that it adds 20 bytes of IP header, plus 28 bytes of ESP overhead to each packet. This can cause large packets to be fragmented. Compressing the packet first may make it small enough to avoid this fragmentation.
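The following is an added example, not part of the original primer, showing both points: ciphertext does not compress, and compressing first can bring a tunnel-mode packet back under the MTU. It assumes a 1500-byte MTU, DEFLATE as the compression algorithm, the 4-byte IPComp header of RFC 3173, and a toy keystream cipher standing in for ESP encryption; the sample packet is constructed.

```python
import hashlib
import zlib

MTU = 1500                  # assumed link MTU (Ethernet); not from the page
TUNNEL_OVERHEAD = 20 + 28   # outer IP header + ESP overhead, as given in the text
IPCOMP_HEADER = 4           # IPComp header length (RFC 3173)

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream.
    Used only to get evenly distributed output; it is not ESP."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def deflate(data: bytes) -> bytes:
    """Raw DEFLATE (no zlib wrapper); the algorithm choice is an assumption."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def tunnel_packet_len(inner: bytes, use_ipcomp: bool) -> int:
    """Size of the outer packet that carries `inner` through the tunnel."""
    body = len(inner)
    if use_ipcomp:
        # RFC 3173: if compression does not shrink the payload, send it as-is
        body = min(body, IPCOMP_HEADER + len(deflate(inner)))
    return body + TUNNEL_OVERHEAD

def needs_fragmentation(packet_len: int) -> bool:
    return packet_len > MTU

# Constructed sample: a 1480-byte inner packet of repetitive text
INNER = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 40)[:1480]
CIPHERTEXT = toy_encrypt(b"constructed-demo-key", INNER)

if __name__ == "__main__":
    print("deflate(plaintext): ", len(deflate(INNER)), "bytes")
    print("deflate(ciphertext):", len(deflate(CIPHERTEXT)), "bytes")
    for label, ipcomp in (("ESP only", False), ("IPComp + ESP", True)):
        size = tunnel_packet_len(INNER, ipcomp)
        print(f"{label}: {size} bytes, fragmented={needs_fragmentation(size)}")
```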



Michael Richardson
2002-06-26