Re: TTL and IPsec
> I was just going over that RFC recently... According to
> that document (RFC2003):
>
> 1. The TTL of the inner IP is decremented by the encapsulator iff the
> datagram is being forwarded.
> 2. The TTL of the outer IP header is set according to the length of the
> tunnel, and is handled normally.
> 3. The TTL of the inner IP header is not decremented on decapsulation.
> 4. But, if the datagram is forwarded *after* decapsulation, the TTL is
> decremented.
>
> Since the tunnel can be thought of as a wire between the two endpoints, this
> makes perfect sense...
This treats an IPsec tunnel as a point-to-point link, as far as the inner IP
packet is concerned. Makes perfect sense to me. Among other things, this
makes the output of a traceroute through a tunnel 'look' right ...
--
Harald Koch <chk@utcc.utoronto.ca>
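
The four RFC 2003 TTL rules quoted above, and the resulting traceroute view, as a small simulation. This is an added example, not part of the original message; the topology, node names and function names are constructed for illustration.

```python
# Constructed topology; node names are illustrative, not from the thread.
PATH = ["R1", "GW_A", "T1", "T2", "GW_B", "R2", "dst"]
TUNNEL = ("GW_A", "GW_B")  # encapsulator, decapsulator


def forward(inner_ttl, path=PATH, tunnel=TUNNEL, outer_ttl=64):
    """Walk one packet along path; return (node, event) where it stops."""
    entry, exit_ = tunnel
    in_tunnel = False
    outer = 0
    for node in path:
        if in_tunnel and node != exit_:
            # Interior router: sees only the outer header (rule 2).
            outer -= 1
            if outer == 0:
                return node, "outer-ttl-expired"
            continue
        if node == exit_:
            # Rule 3: decapsulation itself does not touch the inner TTL.
            in_tunnel = False
        if node == path[-1]:
            return node, "delivered"
        # Rules 1 and 4: every node that forwards the inner datagram,
        # including both tunnel endpoints, decrements its TTL once.
        inner_ttl -= 1
        if inner_ttl == 0:
            return node, "inner-ttl-expired"
        if node == entry:
            in_tunnel, outer = True, outer_ttl
    raise ValueError("path has no destination")


def traceroute(max_ttl=16):
    """Send probes with inner TTL 1, 2, ... and record who answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        node, event = forward(ttl)
        hops.append(node)
        if event != "inner-ttl-expired":
            break
    return hops


if __name__ == "__main__":
    print(traceroute())              # tunnel interior never appears
    print(forward(64, outer_ttl=2))  # outer TTL shorter than the tunnel
```

The interior routers T1 and T2 only ever act on the outer header, so the tunnel shows up as the single hop GW_A to GW_B; an outer TTL smaller than the tunnel length makes the packet die inside the tunnel regardless of the inner TTL.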