[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: API issues (was Re: IPsec and TCP )



I think this is a non-problem. There is plenty of precedent in the
Internet for paths that take a long time to handle the first packet,
then handle subsequent packets rapidly. Examples include
circuit-switched links, the most extreme being demand-dialed PPP
modems that can take ~30 sec to come up.

When TCP encounters such a path, it retransmits a few times but
recovers quickly if its RTT algorithms are implemented correctly. The
only harm is a few redundant SYN packets that come spewing through
once the link (or security association) is set up. I just can't get
too excited about them.

Of course, if the link is already up, none of the above applies. I
personally would not want to add a lot of layer violations to handle
something that isn't really a problem to begin with.

Phil




References: