[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MTU issue

To: ipsec@ans.net
Subject: MTU issue
From: atkinson@itd.nrl.navy.mil (Ran Atkinson)
Date: Sat, 24 Jun 95 17:05:08 EDT


Steve,

  For what its worth, IPv6 land should have Path MTU Discovery
universally deployed except for very small systems that will never
send any packet bigger than the smallest legal MTU size for IPv6.

  I agree it would be good to get the MTU data, but I'm not sure
whether or not it might belong inside the key mgmt mechanism
(especially if the same key mgmt mechanism were also used to
distribute security association/keying information for
OSPF/RIP/whatever) .  I'd be interested to hear of any other 
ideas on this.

  I'm still thinking about the SPI question that Rob Glenn raised.
I'm not sure its obvious what the right answer is just yet.  My own
thought had been that all of the network-layer packet fields were in
network-order whilst on the net and in host-order whilst being
processed by the host.  

  Recall that we only have required manual key distribution for the
present.  Consider that two systems A and B have opposite host byte
ordering and are using manual key distribution (i.e. administrator
types in the key on the console of each machine in, say, hexadecimal).
Maybe I'm not thinking clearly, but it seems to me that if the SPI
isn't in network-order within the transmitted packet while that packet
is on the wire, then the human doing the typing will have to (1) know
whether their is a byte ordering issue for the remote system and (2)
convert to the receiver's order prior to typing it in.  If this is so,
then I'd say that it ought to be in network-order whilst on the wire.

Corrections of my mistakes are solicited. :-)

Ran
rja@cs.nrl.navy.mil

Prev by Date: security protocols versus MTU
Next by Date: Re: MTU issue
Prev by thread: security protocols versus MTU
Next by thread: Re: MTU issue
Index(es):
- Main
- Thread