
Re: TTL and IPsec



On Mon, 07 Jul 1997 09:35:20 -0400 <rodney@sabletech.com> wrote:
> I disagree that a tunnel endpoint should always decrement the TTL.  If
> you're a client, and if you're near the edge of the TTL radius, you can
> drop things you shouldn't be dropping.  Some people think that end systems
> that decrement the TTL too much are broken.  Think about how you want
> 'traceroute' to look.
> 
> TTL is going to get whacked out anyway, since the INNER IP header isn't
> going to have its TTL decremented as the packet travels through the net.
> I bet someone with IP-over-IP experience has something to add to this...

I was just going over that RFC recently...  According to 
that document (RFC2003):

  1. The TTL of the inner IP is decremented by the encapsulator iff the 
     datagram is being forwarded.  
  2. The TTL of the outer IP header is set according to the length of the 
     tunnel, and is handled normally.
  3. The TTL of the inner IP header is not decremented on decapsulation.
  4. But, if the datagram is forwarded *after* decapsulation, the TTL is 
     decremented.

Since the tunnel can be thought of as a wire between the two endpoints, this
makes perfect sense...

Kevin Brock
<brock@netmanage.com>
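
The four rules listed in the message above, modeled as an added example that is not part of the original post. The function name, topologies and TTL values are constructed for illustration; the drop-at-zero checks follow RFC 2003's handling of an expired TTL.

```python
# Added illustration of the RFC 2003 TTL rules quoted in the message.
# All topologies and TTL values below are constructed sample values.

def tunnel_transit(inner_ttl, encap_forwards, tunnel_routers, outer_ttl,
                   decap_forwards):
    """Walk one datagram through an IP-in-IP tunnel.

    Returns (inner TTL on exit, "delivered") or (None, where it was dropped).
    """
    # Rule 1: the encapsulator decrements the inner TTL only if it is
    # forwarding the datagram (not if it originated it).
    if encap_forwards:
        inner_ttl -= 1
        if inner_ttl <= 0:
            return None, "encapsulator"

    # Rule 2: the outer TTL is sized for the tunnel and handled normally,
    # so every router between the endpoints decrements it.
    for hop in range(tunnel_routers):
        outer_ttl -= 1
        if outer_ttl <= 0:
            return None, f"tunnel router {hop + 1}"

    # Rule 3: decapsulation itself leaves the inner TTL untouched.
    # Rule 4: forwarding after decapsulation is ordinary IP forwarding.
    if decap_forwards:
        inner_ttl -= 1
        if inner_ttl <= 0:
            return None, "decapsulator"

    return inner_ttl, "delivered"


if __name__ == "__main__":
    cases = {
        "gateway-to-gateway, 10 routers inside": (64, True, 10, 64, True),
        "client is the encapsulator":            (64, False, 10, 64, True),
        "host-to-host tunnel":                   (64, False, 10, 64, False),
        "inner TTL expires at encapsulator":     (1, True, 10, 64, True),
        "outer TTL too small for the tunnel":    (64, True, 10, 5, True),
    }
    for name, args in cases.items():
        print(f"{name}: {tunnel_transit(*args)}")
```

The ten routers inside the tunnel never touch the inner TTL, so the inner datagram loses at most two hops (one at each forwarding endpoint), which is the "wire between the two endpoints" view.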

