Re: TTL and IPsec
On Mon, 07 Jul 1997 09:35:20 -0400 <rodney@sabletech.com> wrote:
> I disagree that a tunnel endpoint should always decrement the TTL. If
> you're a client, and if you're near the edge of the TTL radius, you can
> drop things you shouldn't be dropping. Some people think that end systems
> that decrement the TTL too much are broken. Think about how you want
> 'traceroute' to look.
>
> TTL is going to get whacked out anyway, since the INNER IP header isn't
> going to have its TTL decremented as the packet travels through the net.
> I bet someone with IP-over-IP experience has something to add to this...
I was just going over that RFC recently... According to
that document (RFC2003):
1. The TTL of the inner IP is decremented by the encapsulator iff the
datagram is being forwarded.
2. The TTL of the outer IP header is set according to the length of the
tunnel, and is handled normally.
3. The TTL of the inner IP header is not decremented on decapsulation.
4. But, if the datagram is forwarded *after* decapsulation, the TTL is
decremented.
Since the tunnel can be thought of as a wire between the two endpoints, this
makes perfect sense...
Kevin Brock
<brock@netmanage.com>
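
The four TTL rules listed in the message above, modelled as an added example that is not part of the original message or of RFC 2003. The class and function names, the addresses (documentation ranges) and the hop counts are constructed for illustration; a router that receives a datagram with TTL 1 is assumed to drop it rather than forward it.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class IPv4:
    src: str
    dst: str
    ttl: int
    payload: Optional["IPv4"] = None   # inner datagram when this is a tunnel packet

def forward(pkt: IPv4) -> Optional[IPv4]:
    """Ordinary router forwarding: decrement the TTL, drop (None) if it hits 0."""
    return replace(pkt, ttl=pkt.ttl - 1) if pkt.ttl > 1 else None

def encapsulate(inner, tun_src, tun_dst, tunnel_ttl, forwarding):
    # Point 1: inner TTL is decremented only if the encapsulator is forwarding
    # the datagram; a host tunnelling its own traffic leaves it alone.
    if forwarding:
        inner = forward(inner)
        if inner is None:
            return None                # expired before entering the tunnel
    # Point 2: outer TTL is chosen for the tunnel length, then handled normally.
    return IPv4(tun_src, tun_dst, tunnel_ttl, inner)

def decapsulate(outer, forwarding):
    inner = outer.payload              # Point 3: decapsulation itself costs nothing
    return forward(inner) if forwarding else inner   # Point 4

def through_tunnel(inner, tunnel_hops, tunnel_ttl, enc_forwards, dec_forwards):
    """Return the inner datagram as it leaves the far endpoint, or None if dropped."""
    # Constructed endpoint addresses from the documentation ranges.
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.1", tunnel_ttl, enc_forwards)
    for _ in range(tunnel_hops):       # routers between the two endpoints
        if outer is None:
            return None
        outer = forward(outer)         # only the outer TTL changes in transit
    return decapsulate(outer, dec_forwards) if outer is not None else None

if __name__ == "__main__":
    pkt = IPv4("203.0.113.10", "198.51.100.77", ttl=64)   # constructed sample
    print(through_tunnel(pkt, 5, 16, True, True))    # gateway-to-gateway
    print(through_tunnel(pkt, 5, 16, False, True))   # client is the encapsulator
```

With five routers inside the tunnel, the inner TTL drops by at most two (one per forwarding endpoint), which is the "wire between the two endpoints" view; an outer TTL set too low for the tunnel length loses the packet regardless of the inner TTL.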