[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TO COMPRESS OR NOT TO CMPRS (please reply)

To: Phil Karn <karn@qualcomm.com>
Subject: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
From: Marcel Waldvogel <mwa@ebony.ccrc.wustl.edu>
Date: Fri, 28 Feb 97 00:04:50 -0600
cc: dharkins@cisco.com, rmonsour@earthlink.net, ipsec@tis.com
In-Reply-To: <199702280157.RAA14365@servo.qualcomm.com>
References: <199702280157.RAA14365@servo.qualcomm.com>
Sender: owner-ipsec@ex.tis.com

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 27 Feb 1997, Phil Karn wrote:
> >I support the use of compression but not in IPsec. It should be done up
> >higher, perhaps the transport level. It's better to compress the stream
> >of data before it's divided into packets than to wait and compress each
> >packet. I'd rather see 50 packets then 100 smaller ones.
>
> I feel exactly the same way. I've seen nothing that can beat the
> performance of gzip-style compress up above TCP, e.g., in SSH with the
> -C option.  The fact that gzip is widely distributed GNUware, free of
> patent concerns, is just icing on the cake.

Phil, Daniel,

undoubtedly, knowledge about the data to be compressed, be it format
or the fact that it will be received reliably e.g. over TCP, can
result in impressive improvements.

On the other hand, the goal we're all working for --wide deployment
of IPsec-- will render most currently employed Link Layer compression
schemes useless. Yet many Intranets and dial-up users rely on these
resulting bandwidth improvements, making IPsec deployment very hard
or impossible in many places.

Application Layer compression provides a viable solution.  But it
requires all applications to be rewritten to maintain the throughput
as currently achieved using LL compression, so only applications
made "IPsec-aware" using AL compression will perform well.

IPsec network performance and thus acceptance will be much better
if we start off with provisions for NL compression, which can be
disabled on a per connection/per SA basis when applications start
doing their own AL compression or know they're transmitting
incompressible data.

By providing NL compression, no additional burden is placed on the
software developers, because many applications will want to become
IPsec-aware (specifying their security requirements). For other
applications that do not need full IPsec-awareness, but are just
adding AL compression, the changes needed to tell IPsec to disable
NL compression will be minimal.

So I think NL compression will vital to IPsec. Of course, it should
be configurable on a per-machine/per-connection basis by the
sysadmin/application, like all other IPsec parameters. The effort
of adding it once at the NL will be much less than adding compression
to all applications.

- -Marcel
-----BEGIN PGP SIGNATURE-----
Version: 2.6
Charset: next

iQCVAwUBMxZ1h8qBByDTF1SlAQFbFQQAiU9OmEnnD9maOr37ErBgjmcmPcP/HvnA
0KKgoZg7Dh8rsBrS9I3HrAQ8Hl5OqOUiSaM5+Zgyj/mILJrYW7MuqYic4aiBZf84
Jk9kLTsnUl2K2lgL791+4Gg9MH7tWfpX4nngjffBuFdaNvabnVQdSYdiR98Dv8HN
0AJdekCOXDk=
=kdEM
-----END PGP SIGNATURE-----

References:

Re: TO COMPRESS OR NOT TO CMPRS (please reply)

From: Phil Karn <karn@qualcomm.com>

Prev by Date: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Next by Date: transport vs network and ipsec syn
Prev by thread: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Next by thread: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Index(es):
- Main
- Thread