
Re: MSS option with IPSEC.



Mohan,

> Date: Mon, 24 Aug 1998 11:14:49 -0700 (PDT)
> From: Mohan Parthasarathy <Mohan.Parthasarathy@Eng.Sun.Com>
> Subject: MSS option with IPSEC.
> ...
> If a TCP connection is using AH or ESP, does the MSS option sent
> during the SYN account for the AH/ESP headers also?

No.  The TCP MSS is
	MTU - sizeof(fixed TCP header) - sizeof(fixed IP header)
or, MTU - 40.  The sending side is then responsible for decreasing
the size of the TCP data to account for any IP or TCP options.
By extrapolation with the insertion of the AH and/or ESP header,
the sending TCP should also decrease the size of the TCP data
to account for that.  The MSS option is left unchanged.

Of course, if you are doing AH/ESP in the context of an encapsulating
tunnel, then the tunnel should have a smaller MTU to account for
the encapsulating headers.  So the MSS is still MTU - 40, but it will
be smaller because of the smaller MTU on the tunnel.

		-David Borman, dab@bsdi.com
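
The arithmetic described in the reply above, as an added example that is not part of the original message: the MSS option stays at MTU - 40, while the sender shrinks its TCP data for options and AH/ESP, and a tunnel simply presents a smaller MTU. The ESP layout (8-byte header, IV, padding to the cipher block, 2-byte trailer, ICV) and the transform sizes are assumptions, not values from the thread; only the local MTU is modelled, not the peer's advertised MSS.

```c
#include <stdio.h>

#define IP_HDR   20  /* fixed IPv4 header */
#define TCP_HDR  20  /* fixed TCP header */
#define ESP_HDR   8  /* SPI + sequence number */
#define ESP_TAIL  2  /* pad length + next header */

/* Assumed ESP transform sizes; block must be a multiple of 4. */
struct esp { int iv_len, block, icv_len; };

/* Value sent in the MSS option: MTU - 40, unaffected by IPsec. */
int mss_option(int mtu) { return mtu - IP_HDR - TCP_HDR; }

/* Largest payload ESP can carry in `room` bytes (ESP header through ICV).
 * payload + padding + ESP_TAIL must be a whole number of cipher blocks. */
int esp_max_payload(int room, const struct esp *e)
{
    int ct = room - ESP_HDR - e->iv_len - e->icv_len;
    if (ct < e->block)
        return -1;              /* not even one block fits */
    ct -= ct % e->block;        /* round down to a block boundary */
    return ct - ESP_TAIL;
}

/* Transport mode: TCP data per segment once the sender subtracts IP
 * options, an optional AH header, the ESP overhead and TCP options. */
int tcp_data_transport(int mtu, int ip_opts, int ah_len, int tcp_opts,
                       const struct esp *e)
{
    int payload = esp_max_payload(mtu - IP_HDR - ip_opts - ah_len, e);
    if (payload < TCP_HDR + tcp_opts)
        return -1;
    return payload - TCP_HDR - tcp_opts;
}

/* Tunnel mode: the tunnel MTU is the largest inner packet that fits. */
int tunnel_mtu(int outer_mtu, const struct esp *e)
{
    return esp_max_payload(outer_mtu - IP_HDR, e);
}

int main(void)
{
    struct esp e = { 8, 8, 12 };   /* constructed sample transform */
    printf("MSS option on a 1500-byte MTU: %d\n", mss_option(1500));
    printf("transport-mode TCP data:       %d\n",
           tcp_data_transport(1500, 0, 0, 0, &e));
    printf("tunnel MTU / MSS option:       %d / %d\n",
           tunnel_mtu(1500, &e), mss_option(tunnel_mtu(1500, &e)));
    return 0;
}
```

Because of the block padding, the per-segment data size is not simply the MTU minus a constant; a payload one byte larger than the returned value forces a whole extra cipher block.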