[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPsec Architecture -- proposed changes



C. Harald Koch writes
>I like most of the changes, however:

>In message <199710070649.CAA15157@relay.hq.tis.com>, Karen Seo writes:
>> 
>>                      <-------- How Outer Hdr Relates to Inner Hdr
--------->
> >>IPv4                 Outer Hdr at Encapsulator    Inner Hdr at
> Decapsulator
> >>  Header fields
>>     TTL              copy from inner header (2)   copy from outer hdr
(2) &
>>                      decrement before forwarding  decrement before
forwarding

>This makes traceroute output look really weird when going through a
tunnel.
>The question is, should a tunnel look like a single IP hop or not? I'm
of
>the VPN religion, and so I believe that tunnels should look like a
direct
>(one hop) link between the two hosts/routers.

>Comments?

I'll ad my one cent ( I don't actively participate much but I feel
strongly here). I agree. I go to the same VPN church as Mr. Koch. 

                                    Jerry Freedman, Jr
                                    GTE Gov't Systems