
Re: Latest AH/ESP/Arch drafts and changes



Karen

Sorry about the slow response - I was out of the office for a day or so.

At 00:39 12/05/98 -0400, Karen Seo wrote:
>Hi Peter,
>
>I was under the impression that no change was to be made.  In part, some
>of the email seemed to be saying the current text was fine.  Also, some
>folks were saying that ND should *not* work across an IPsec tunnel (I
>believe it was stated that ND should use transport mode).  And the text
>as is supports that.  If we change the architecture to say that a system
>which is both the source of a packet and the source end of a tunnel
>should NOT decrement the TTL, then ND could still work across the IPsec
>tunnel.
>
>Karen
> 

I was about to write you a long explanation of why I thought that there was
an issue here concerning the wording, not actually related to NDP et al.
Basically, I think the text is ambiguous as it stands and requires
clarification to bring it into line with the RFC2003 description of
tunnelling:

   When encapsulating a datagram, the TTL in the inner IP header is
   decremented by one if the tunneling is being done as part of
   forwarding the datagram; otherwise, the inner header TTL is not
   changed during encapsulation.  If the resulting TTL in the inner IP
   header is 0, the datagram is discarded and an ICMP Time Exceeded
   message SHOULD be returned to the sender.  An encapsulator MUST NOT
   encapsulate a datagram with TTL = 0.
   The TTL in the inner IP header is not changed when decapsulating.
   If, after decapsulation, the inner datagram has TTL = 0, the
   decapsulator MUST discard the datagram.  If, after decapsulation, the
   decapsulator forwards the datagram to one of its network interfaces,
   it will decrement the TTL as a result of doing normal IP forwarding.

However, later on in my mailbox I find this from Thomas Narten which seems
to satisfy the situation well.

>I think one can argue that the text as written is not incorrect.
>However, given the confusion on this point, it might be a good idea to
>add a sentence to insure there is no misunderstanding.  Specifically,
>for the text:
>
>        2. The TTL in the inner header is decremented by the
>           encapsulator prior to forwarding and by the decapsulator if
>           it forwards the packet.  (The checksum changes when the TTL
>           changes.)
>
>how about adding something like:
>
>	   Note: The decrementing of the TTL is one of the usual
>	   actions that takes place when forwarding a packet. Packets
>	   originating from the same node as the encapsulator do not
>	   have their TTLs decremented, as the sending node is
>	   originating the packet rather than forwarding it.
>
>Thomas
>

Regards

Peter Curran
TICL
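The RFC 2003 rules quoted above, together with Thomas's proposed note about originating nodes, modelled as a small added example (my own code, not from the drafts or the RFC; the Packet type and the function names are assumptions): only a forwarding encapsulator spends a hop on the inner TTL, so a packet the tunnel endpoint itself originates, the ND-across-the-tunnel case, reaches the far end with its TTL intact.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    ttl: int            # inner IP header TTL; the only field this model needs
    payload: str = "data"


def encapsulate(inner, forwarding):
    """Tunnel entry. forwarding=True means the encapsulator received the packet
    from another node (gateway/router), so tunnelling is part of forwarding and
    the inner TTL is decremented; forwarding=False means the encapsulator is
    also the packet's origin, so the inner TTL is left alone (Thomas's note).
    Returns (action, Packet) or ("drop", reason)."""
    if inner.ttl == 0:
        return "drop", "MUST NOT encapsulate a datagram with TTL = 0"
    ttl = inner.ttl - 1 if forwarding else inner.ttl
    if ttl == 0:
        return "drop", "inner TTL reached 0; ICMP Time Exceeded SHOULD be sent"
    return "encapsulate", Packet(ttl, inner.payload)


def decapsulate(inner, forwards):
    """Tunnel exit. Decapsulation never changes the inner TTL; a TTL of 0 is
    discarded, and only onward forwarding costs a further hop."""
    if inner.ttl == 0:
        return "drop", "decapsulator MUST discard a datagram with TTL = 0"
    if not forwards:
        return "deliver", inner          # local delivery, TTL untouched
    ttl = inner.ttl - 1                  # normal IP forwarding decrement
    if ttl == 0:
        return "drop", "inner TTL reached 0; ICMP Time Exceeded SHOULD be sent"
    return "forward", Packet(ttl, inner.payload)


def through_tunnel(ttl, encap_forwarding, decap_forwards):
    """Run one datagram (constructed, TTL only) through both tunnel ends and
    return the TTL the far side sees, or None if either end discards it."""
    action, result = encapsulate(Packet(ttl), encap_forwarding)
    if action == "drop":
        return None
    action, result = decapsulate(result, decap_forwards)
    return None if action == "drop" else result.ttl


# Host-originated packet (the ND-across-the-tunnel case): TTL arrives intact.
HOST_CASE = through_tunnel(255, encap_forwarding=False, decap_forwards=False)
# Gateway-forwarded packet: one hop is spent at the encapsulator.
GATEWAY_CASE = through_tunnel(255, encap_forwarding=True, decap_forwards=False)
```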