[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec Architecture -- proposed changes



In message <199710071547.LAA03894@istari.sandelman.ottawa.on.ca>, "Michael C. Richardson" writes:
> 
>   Okay, which end decrements then?
>   The far end is the one "forwarding" so it should do it.
>   The near end can be thought to be forwarding as well.

Agreed, they're *both* forwarding the packet; one into the tunnel, and one
out of the tunnel. RFC 2003 specifies good behaviour TTL handling with IP in
IP tunneling.

>   We have not yet resolved a question I raised awhile ago: how are
> ICMP's from distant routers (beyond the "far" router) allowed to enter
> the tunnel?

Agreed :-)

-- 
Harald <chk@utcc.utoronto.ca>


Follow-Ups: References: