[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec Architecture -- proposed changes
In message <199710071547.LAA03894@istari.sandelman.ottawa.on.ca>, "Michael C. Richardson" writes:
>
> Okay, which end decrements then?
> The far end is the one "forwarding" so it should do it.
> The near end can be thought to be forwarding as well.
Agreed, they're *both* forwarding the packet; one into the tunnel, and one
out of the tunnel. RFC 2003 specifies good behaviour TTL handling with IP in
IP tunneling.
> We have not yet resolved a question I raised awhile ago: how are
> ICMP's from distant routers (beyond the "far" router) allowed to enter
> the tunnel?
Agreed :-)
--
Harald <chk@utcc.utoronto.ca>
Follow-Ups:
References: