Re: MSS option with IPSEC.



> From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
> Subject: Re: MSS option with IPSEC. 
> Date: Mon, 24 Aug 1998 16:43:27 -0400
> ...
> The mss value isn't as important as the path MTU; if your TCP
> implements MTU discovery (and it interacts correctly with your ipsec
> .. i.e., ipsec causes the perceived MTU to shrink) the right thing
> should happen as long as the MSS is big enough..

And that is the key.  If one endpoint is the minimum MTU, and it
decreases the MSS option to account for the ESP/AH header, and
the sender also decreases the TCP data to account for the ESP/AH
header, then it won't be sending maximum size packets.  Since it
is the sender that knows what is really going into the packet,
it is the sender that needs to adjust the TCP data to account
for the IP/TCP options and the ESP/AH header, and MSS should
remain at MTU - 40.

			-David Borman, dab@bsdi.com
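
The sizing argument above, worked through as an added example that is not part of the original message. It assumes IPv4, ESP in transport mode with an 8-byte IV, an 8-byte cipher block and a 12-byte ICV, and 12 bytes of TCP options; all function names are hypothetical.

```python
# Added example, not from the original post. Assumed ESP parameters:
# transport mode, 8-byte IV, 8-byte cipher block, 12-byte ICV. IPv4 only.
IP_HDR, TCP_HDR = 20, 20
ESP_HDR, ESP_TRAILER = 8, 2      # SPI + sequence number; pad length + next header
IV_LEN, BLOCK, ICV_LEN = 8, 8, 12


def esp_wire_len(tcp_data, tcp_opts=0, ip_opts=0):
    """Total IPv4 packet length after ESP transport-mode encapsulation."""
    plaintext = TCP_HDR + tcp_opts + tcp_data + ESP_TRAILER
    padded = -(-plaintext // BLOCK) * BLOCK      # round up to the cipher block
    return IP_HDR + ip_opts + ESP_HDR + IV_LEN + padded + ICV_LEN


def worst_case_esp_overhead():
    """What a receiver would subtract if it shrank its MSS option for ESP."""
    return ESP_HDR + IV_LEN + ESP_TRAILER + (BLOCK - 1) + ICV_LEN


def sender_tcp_data(peer_mss, path_mtu, tcp_opts=0, ip_opts=0):
    """Largest TCP data length whose ESP packet fits the effective MTU.

    The sender takes min(peer MSS + 40, path MTU) as its limit and then
    deducts IP/TCP options and the ESP header, IV, trailer, padding and ICV.
    """
    eff_mtu = min(peer_mss + IP_HDR + TCP_HDR, path_mtu)
    room = eff_mtu - IP_HDR - ip_opts - ESP_HDR - IV_LEN - ICV_LEN
    padded = (room // BLOCK) * BLOCK             # round down to the cipher block
    return padded - ESP_TRAILER - TCP_HDR - tcp_opts


def compare(mtu=1500, tcp_opts=12):
    """Return {case: (advertised MSS, TCP data per segment, bytes on the wire)}."""
    plain_mss = mtu - IP_HDR - TCP_HDR
    cases = (("mss = mtu - 40", plain_mss),
             ("mss shrunk for esp", plain_mss - worst_case_esp_overhead()))
    result = {}
    for label, mss in cases:
        data = sender_tcp_data(mss, mtu, tcp_opts)
        result[label] = (mss, data, esp_wire_len(data, tcp_opts))
    return result


if __name__ == "__main__":
    for label, (mss, data, wire) in compare().items():
        print(f"{label:20s} MSS={mss} data={data} wire={wire}")
```

With both ends deducting the ESP overhead, each segment carries 40 fewer data bytes and the packet on the wire is well short of the 1500-byte MTU.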