[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-ietf-ipsec-arch-sec-02.txt
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Mohan" == Mohan Parthasarathy <Mohan.Parthasarathy@Eng.Sun.Com> writes:
Mohan> I have a clarification to make regarding the ICMP PMTU
Mohan> calcualtion. I want to make sure that my understanding is
Mohan> right regarding this though it could be just some
Mohan> implementation details.
Mohan> In section 6.1.2.2 and section B.3.2, there is some
Mohan> discussion regarding PMTU calculation.
>> The calculation of PMTU from an ICMP PMTU has to take into
>> account the addition of any IPsec header by H1 -- AH and/or ESP
>> transport, or ESP or AH tunnel.
Mohan> Is this true in general or it discusses the specific case
Mohan> of security gateway example ?
Mohan> I understand that in the case of Security Gateway reporting
Mohan> the PMTU to the host, it should account for the additional
Mohan> IPSEC header that it would insert for that host. In the
I believe that your understanding is correct.
A host implementation will have already dealt with reducing the PMTU
enough for the outgoing headers.
The issue is for non-host (whether BITS, BITW, or gateway)
implementations.
] ON HUMILITY: to err is human. To moo, bovine. | SSH IPsec [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |international[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNHLkdMmxxiPyUBAxAQGxhAL/d4wha9uOkfeGCEWUSi1xBx8zpQeIZpOV
K/P912P04GmASfewY8N1pAGk9Rm1ngUVKv+jL0nK0ZmyQS1/18Urv1Kjxy3TMnFs
NvtlVOQpicwZEvFkgbDVFGsAgmo6QFTR
=nOb6
-----END PGP SIGNATURE-----
References: