
Re: Bridging non-IP traffic over IPSec



Well, if L2TP will be in Windows 2000, that means that anyone who
wants to support mobile multiprotocol IPSec clients can do PPP, L2TP,
ESP, and the appropriate PPP NCPs.  It's all standards-track.

I'm not sure if a different solution for inter-security-gateway
connections is called for?  Can vendors of that solution ignore
Windows 2000, and not implement PPP/L2TP?

On the other hand, the larger header overhead of L2TP/UDP makes the
fragmentation mess worse, and with IPX you can't prevent fragmentation
in the intra-security-gateway configuration.  GRE does address that.
That's a very real advantage to GRE.  Well, it's also a lot simpler to
implement than PPP/L2TP.

Another approach to fixing the L2TP overhead issue would be to resume
the efforts to get an IP Protocol Number that can be used for the L2TP
data channel.  It was an area that got attention before, but then was
abandoned due to arguing that L2TP wasn't a general-purpose enough
protocol to deserve an IP Protocol Number.  If it becomes important
enough in the IPSec arena, that restriction may no longer hold.

Let's remember that PPP NCP option negotiation is a real operational
benefit.
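The overhead and fragmentation argument in the message above can be checked with a small calculation. The following is an added example, not code from the original message or from any of the implementations it mentions. It assumes both encapsulations are protected by ESP in transport mode with 3DES-CBC and HMAC-SHA1-96 (an era-typical choice, not stated in the message), uses each protocol's minimum or uncompressed header sizes, and treats a 1500-byte non-IP frame as what an IPX host hands to the gateway, since IPX has no path-MTU discovery to shrink it.

```python
"""Constructed example: bytes that L2TP-over-UDP and GRE add in front of a
non-IP (e.g. IPX) frame under ESP transport mode, and the effect on IPv4
fragmentation on a 1500-byte path.  Header sizes are minimum/uncompressed
values; the ESP cipher/authenticator (3DES-CBC, HMAC-SHA1-96) is an assumption."""

OUTER_IPV4 = 20   # IPv4 header between the gateways, no options

# Bytes inserted between the IP header and the non-IP frame by each encapsulation.
ENCAP_OVERHEAD = {
    # UDP 8 + L2TP data header 6 (no L/S/O bits) + PPP 4 (FF 03 + 2-byte protocol).
    # With ACFC/PFC negotiated the PPP part can shrink to 1 byte for IPX (0x002B).
    "l2tp/udp": 8 + 6 + 4,
    # GRE 4 (flags/version + protocol type, no checksum/key/sequence)
    "gre": 4,
}

# ESP assumptions
ESP_SPI_SEQ = 8   # SPI + sequence number
ESP_IV = 8        # 3DES-CBC IV
ESP_BLOCK = 8     # 3DES block size; padding aligns the trailer to this
ESP_TRAILER = 2   # pad length + next header
ESP_ICV = 12      # HMAC-SHA1-96 authenticator


def esp_transport_size(inner_len):
    """Outer IPv4 packet size when inner_len bytes follow the IP header and
    ESP transport mode wraps them (SPI/seq, IV, payload, padding, trailer, ICV)."""
    body = inner_len + ESP_TRAILER
    pad = (-body) % ESP_BLOCK
    return OUTER_IPV4 + ESP_SPI_SEQ + ESP_IV + body + pad + ESP_ICV


def tunneled_size(payload_len, encap):
    """Size on the wire of a payload_len-byte non-IP frame sent via `encap`."""
    return esp_transport_size(ENCAP_OVERHEAD[encap] + payload_len)


def max_unfragmented_payload(encap, mtu=1500):
    """Largest non-IP frame that still fits in one mtu-sized packet."""
    # tunneled_size is monotone in payload_len, so scan down from the MTU.
    for p in range(mtu, -1, -1):
        if tunneled_size(p, encap) <= mtu:
            return p
    return 0


def fragments_needed(payload_len, encap, mtu=1500):
    """Number of IPv4 fragments the outer packet splits into on an mtu path.
    Every non-final fragment carries a multiple of 8 data bytes."""
    size = tunneled_size(payload_len, encap)
    if size <= mtu:
        return 1
    per_fragment = ((mtu - OUTER_IPV4) // 8) * 8
    data = size - OUTER_IPV4
    return -(-data // per_fragment)   # ceiling division


if __name__ == "__main__":
    for encap in ENCAP_OVERHEAD:
        print(f"{encap:9s} max unfragmented payload: {max_unfragmented_payload(encap)}")
        # An IPX host cannot be told to send smaller frames, so a full
        # 1500-byte Ethernet frame is what actually reaches the gateway.
        print(f"{encap:9s} fragments for a 1500-byte IPX frame: {fragments_needed(1500, encap)}")
```

Under these assumptions L2TP/UDP costs 14 more bytes per packet than GRE (18 versus 4 before the ESP trailer), which lowers the largest unfragmented frame from 1442 to 1428 bytes; a full 1500-byte IPX frame is fragmented into two outer packets either way, which is the "you can't prevent fragmentation" point for the inter-gateway case.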
