[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Path MTU Discovery
Ben,
It is worth noting that none of the IPsec RFCs cite any of the IP-in-IP
RFCs. This is not an accident. With IPsec, one is not performing IP-in-IP.
Rather, one is performing IP-in-AH or IP-in-ESP. The IP-in-IP RFCs don't
include IPsec within their scope.
It was quite intentional that this was done. It is equally intentional
that the IPsec RFCs haven't been citing the IP-in-IP RFCs.
In effect, ESP tunnel mode uses the outer IP as a link-layer. Copying
DF bit is not prohibited for IPsec tunneling, but neither is it required
for IPsec tunneling.
Ran
rja@inet.org
who wrote the relevant IPsec RFCs...
References: