[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPsec and TCP

To: ipsec@tis.com
Subject: IPsec and TCP
From: Naganand Doraswamy <naganand@ftp.com>
Date: Fri, 20 Dec 1996 17:04:40 -0500
Sender: owner-ipsec@ex.tis.com

This is regarding the behavior of TCP when a packet is queued at the IPsec
layer for want of keys. When TCP sends a packet down to the IPsec layer it
starts it times for retransmission. IPsec then queues the packet and starts
negotiating keys. If the TCP times out on the packet then it will modify its
congestion window parameters assuming that the network is congested.

Does it make sense for the IPsec layer to inform the TCP about the packet
being queued locally so that when TCP retransmits the packet, it does not
modify its congestion window? The advantage of doing this is that the
performance does not suffer. 

However, what if the network is really congested by the time the keys are
obtained. Should the connection start with slow start always.

There are merits for both the cases and I would like to hear other people's
views on this.


--Naganand
----------------------------------------------------------------
naganand@ftp.com
Tel #: (508)684-6743 (O)

Prev by Date: Re: Last Call: Combined DES-CBC, HMAC and Replay Prevention Security Transform to Proposed Standard
Next by Date: Re: IPsec and TCP
Prev by thread: Re: Last Call: Combined DES-CBC, HMAC and Replay Prevention Security Transform to Proposed Standard
Next by thread: Re: IPsec and TCP
Index(es):
- Main
- Thread