[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPsec Architecture -- proposed changes
C. Harald Koch writes
>I like most of the changes, however:
>In message <199710070649.CAA15157@relay.hq.tis.com>, Karen Seo writes:
>>
>> <-------- How Outer Hdr Relates to Inner Hdr
--------->
> >>IPv4 Outer Hdr at Encapsulator Inner Hdr at
> Decapsulator
> >> Header fields
>> TTL copy from inner header (2) copy from outer hdr
(2) &
>> decrement before forwarding decrement before
forwarding
>This makes traceroute output look really weird when going through a
tunnel.
>The question is, should a tunnel look like a single IP hop or not? I'm
of
>the VPN religion, and so I believe that tunnels should look like a
direct
>(one hop) link between the two hosts/routers.
>Comments?
I'll ad my one cent ( I don't actively participate much but I feel
strongly here). I agree. I go to the same VPN church as Mr. Koch.
Jerry Freedman, Jr
GTE Gov't Systems