
Re: IPsec and Fragmentation



Dan and Karen,

Section 3.2.5 of the architecture document states that transport mode is
always applied to whole IP datagrams, but that tunnel mode may be applied
to packet fragments.  This was motivated by the need to accommodate
security gateways, and BITS, BITW implementations, but you can legitimately
apply tunnel mode processing in this fashion in your host to make matching
of MTU info to the headers easier.  The IPsec receiver at H2 does not know
whether you have a BITS or BITW implementation vs. a native implementation,
so it must be prepared to accept encapsulated fragments in tunnel mode.

Steve
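
The receiver-side consequence of the message above, as an added example that is not part of the original message or of any IPsec implementation: after tunnel-mode decapsulation the inner IPv4 packet may itself be a fragment, so it is queued for reassembly rather than rejected. The names `TunnelReceiver`, `accept_inner` and `make_inner`, and the sample addresses, are assumptions made for this illustration; ESP/AH processing is assumed to have already succeeded.

```python
import struct
from collections import defaultdict

HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout

def parse_ipv4(pkt):
    """Extract the fields needed to decide whether reassembly is required."""
    v, _, tlen, ident, fo, _, proto, _, src, dst = struct.unpack(HDR, pkt[:20])
    if v >> 4 != 4:
        raise ValueError("not IPv4")
    return {"key": (src, dst, proto, ident), "mf": bool(fo & 0x2000),
            "offset": (fo & 0x1FFF) * 8, "payload": pkt[(v & 0x0F) * 4:tlen]}

class TunnelReceiver:
    """Hypothetical post-decapsulation stage at the receiving host (H2)."""
    def __init__(self):
        self.pending = defaultdict(dict)  # reassembly key -> {offset: (data, mf)}

    def accept_inner(self, inner):
        """Return the datagram payload when complete, None while fragments are missing."""
        f = parse_ipv4(inner)
        if not f["mf"] and f["offset"] == 0:
            return f["payload"]           # sender tunnelled a whole datagram
        frags = self.pending[f["key"]]    # sender tunnelled a fragment: queue it
        frags[f["offset"]] = (f["payload"], f["mf"])
        data, expected = b"", 0
        for off in sorted(frags):
            payload, mf = frags[off]
            if off != expected:           # hole or overlap: keep waiting
                return None
            data += payload
            expected += len(payload)
            if not mf:                    # last fragment reached with no holes
                del self.pending[f["key"]]
                return data
        return None

def make_inner(ident, offset, mf, payload):
    """Constructed sample packet: minimal IPv4/UDP header, checksum left at 0."""
    fo = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack(HDR, 0x45, 0, 20 + len(payload), ident, fo, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

if __name__ == "__main__":
    rx = TunnelReceiver()
    print(rx.accept_inner(make_inner(7, 16, False, b"B" * 8)))  # second fragment first
    print(rx.accept_inner(make_inner(7, 0, True, b"A" * 16)))   # completes the datagram
```

The sketch omits the reassembly timeout and per-source limits on `pending` that a production receiver needs.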



