[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PPP over IPSec (without L2TP)?
>>>>> "Ari" == Ari Huttunen <Ari.Huttunen@datafellows.com> writes:
Ari> ...
Ari> As to the re-ordering of packets by IPSec.. IPSec already does
Ari> sequence numbers. It shouldn't be too difficult to define a new
Ari> IPSec SA attribute negotiable by IKE that says "sequenced
Ari> delivery of packets required". The recieving IPSec
Ari> implementation would perhaps try to re-order packets during a
Ari> few milliseconds or whatever, and drop packets that come after
Ari> that.
Yuck.
Sure, it would be easy enough to add such an attribute, but adding the
actual mechanism is quite another matter.
Sequence protection doesn't belong in IP. It hasn't been there for 30
years, and it doesn't make sense to add it now. I very much doubt
that you could get agreement to add such a thing as a mandatory
capability (certainly I'd object loudly) or even as a recommended
capability.
paul
Follow-Ups:
References: