
To compress or not to compress.




I vote against including compression as part of the IPSEC protocol for the
following reasons.

If each packet is compressed individually, and the dictionary is
refreshed for each and every packet, the gain in performance is not
clear at all (because there are many small packets on the Internet,
and there is a lot of compressed content). The only gain is in compressing
large data packets which are not previously compressed by the
applications. So, I don't see how this will improve the performance
significantly. 

The efficiency of compression improves with increasing
data size. Therefore, one can argue for compressing many packets using
a single dictionary. If such a scheme is deployed at network layer, it
can lead to significant problems for TCP because loss of a single packet
can lead to loss of many TCP packets and timeouts.

Here is an example (assume that the dictionary is updated every 10
packets).

   - Host A is sending packets to B (these are TCP packets).

   - Host A transmits packets 1, 2 and 3 in that order to host B.
  
   - Host B receives packet 1, decompresses it, and updates its
   dictionary.

   - Packet 2 is lost and packet 3 is received successfully. Packet
   3 cannot be correctly decompressed at B because 2 is lost. It
   also gets the dictionary out of sync.

   - After TCP timeout, host A retransmits packets 2 and 3 to B (note that
   these packets are compressed again because at IP layer, the
   compression algorithm has no knowledge that it is indeed a
   retransmitted packet).

   - Since the dictionary is out of sync, the packets are incorrectly
   decompressed and hence discarded.

   - This goes on until the dictionary is updated. 

In conclusion, loss of a single packet (or out-of-order delivery) can
lead to serious problems for TCP traffic.

Therefore, I vote ``no'' for including compression at the IPSEC layer.
I am all for applications compressing.

Note that this is not the situation with SSL where the TCP transmits
compressed stream. Therefore, the compressed data is reliably received
prior to decompression. (It is no different from transmitting a
compressed file). So, just because it is true for SSL does not
guarantee that it will work for IPSEC (as efficiently).
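
The following simulation is an added example, not part of the original message: it replays the scenario above (packets 1, 2, 3 sent, packet 2 lost, then 2 and 3 retransmitted) with a dictionary shared across 10 packets, and again with the dictionary refreshed for every packet. It assumes zlib's preset dictionary as a stand-in for the shared dictionary and a cleartext sequence number that tells both sides when to refresh; `Endpoint`, `simulate` and the payloads are hypothetical names and constructed data.

```python
import zlib

INITIAL = b"constructed-initial-dictionary"  # assumed pre-agreed starting dictionary

class Endpoint:
    """One side's compression state: the history since the last dictionary refresh."""
    def __init__(self, epoch):
        self.epoch, self.current, self.history = epoch, 0, INITIAL

    def _refresh(self, seq):
        if seq // self.epoch != self.current:   # refresh every `epoch` packets
            self.current, self.history = seq // self.epoch, INITIAL

    def send(self, seq, payload):
        self._refresh(seq)
        c = zlib.compressobj(zdict=self.history)
        blob = c.compress(payload) + c.flush()
        self.history += payload                 # the sender always advances
        return blob

    def receive(self, seq, blob):
        self._refresh(seq)
        try:
            d = zlib.decompressobj(zdict=self.history)
            payload = d.decompress(blob)
        except zlib.error:                      # dictionary mismatch: discard
            return None
        self.history += payload                 # advance only on success
        return payload

def simulate(schedule, lost, epoch):
    """Send `schedule` in wire order; wire sequence numbers in `lost` never arrive."""
    a, b = Endpoint(epoch), Endpoint(epoch)
    outcome = []
    for seq, payload in enumerate(schedule):
        blob = a.send(seq, payload)             # compressed even when retransmitted
        got = None if seq in lost else b.receive(seq, blob)
        outcome.append("lost" if seq in lost else "ok" if got == payload else "discarded")
    return outcome

# Constructed payloads standing in for TCP packets 1, 2 and 3 of the example.
P1, P2, P3 = (b"TCP segment %d from host A to host B" % n for n in (1, 2, 3))
# A sends 1, 2, 3 and then keeps retransmitting 2 and 3 after each timeout.
SCHEDULE = [P1, P2, P3] + [P2, P3] * 5

if __name__ == "__main__":
    for epoch in (10, 1):
        print(f"refresh every {epoch:2d}:", simulate(SCHEDULE, lost={1}, epoch=epoch))
```

With a refresh every 10 packets, everything after the lost packet is discarded until wire sequence number 10; with a refresh on every packet, only the lost packet itself is missing.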