
Re: TTL and IPsec



> I was just going over that RFC recently...  According to 
> that document (RFC2003):
> 
>   1. The TTL of the inner IP is decremented by the encapsulator iff the 
>      datagram is being forwarded.  
>   2. The TTL of the outer IP header is set according to the length of the 
>      tunnel, and is handled normally.
>   3. The TTL of the inner IP header is not decremented on decapsulation.
>   4. But, if the datagram is forwarded *after* decapsulation, the TTL is 
>      decremented.
> 
> Since the tunnel can be thought of as a wire between the two endpoints, this
> makes perfect sense...

This treats an IPsec tunnel as a point-to-point link, as far as the inner IP
packet is concerned. Makes perfect sense to me. Among other things, this
makes the output of a traceroute through a tunnel 'look' right ...

-- 
Harald Koch <chk@utcc.utoronto.ca>
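
A small simulation of the four RFC 2003 rules quoted above, showing why a traceroute through the tunnel lists only the two tunnel endpoints. This is an added example, not part of the original message; the node names, the path and the default outer TTL of 64 are constructed.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    role: str  # "router" | "entry" | "transit" | "exit" | "dest"

# Constructed path: three routers sit inside the tunnel between the gateways.
PATH = [Node("R1", "router"), Node("GW-A", "entry"), Node("T1", "transit"),
        Node("T2", "transit"), Node("T3", "transit"), Node("GW-B", "exit"),
        Node("R2", "router"), Node("host", "dest")]

def send(path, inner_ttl, outer_ttl_init=64):
    """Return (node, reason) for where a packet with this inner TTL ends up."""
    outer_ttl = None
    for node in path:
        if node.role == "dest":
            return node.name, "delivered"
        if node.role == "transit":
            # Rule 2: the tunnel interior sees and decrements only the outer TTL.
            outer_ttl -= 1
            if outer_ttl == 0:
                # The ICMP error here goes to the outer source (the encapsulator).
                return node.name, "outer TTL expired"
            continue
        # Rules 1 and 4: entry and exit gateways decrement the inner TTL because
        # they forward the datagram. Rule 3: decapsulation itself costs nothing.
        inner_ttl -= 1
        if inner_ttl == 0:
            return node.name, "inner TTL expired"
        if node.role == "entry":
            outer_ttl = outer_ttl_init  # fresh outer header for the tunnel
    return None, "no destination on path"

def traceroute(path, max_hops=30):
    """Probe with inner TTL 1, 2, 3, ... and record which node answers each."""
    hops = []
    for ttl in range(1, max_hops + 1):
        name, reason = send(path, ttl)
        hops.append(name)
        if reason == "delivered":
            break
    return hops

if __name__ == "__main__":
    print(traceroute(PATH))                 # tunnel interior never appears
    print(send(PATH, 64, outer_ttl_init=2)) # outer TTL shorter than the tunnel
```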

