
Re: PPP over IPSec (without L2TP)?



>>>>> "Ari" == Ari Huttunen <Ari.Huttunen@datafellows.com> writes:

 Ari> ...
 Ari> As to the re-ordering of packets by IPSec.. IPSec already does
 Ari> sequence numbers. It shouldn't be too difficult to define a new
 Ari> IPSec SA attribute negotiable by IKE that says "sequenced
 Ari> delivery of packets required". The receiving IPSec
 Ari> implementation would perhaps try to re-order packets during a
 Ari> few milliseconds or whatever, and drop packets that come after
 Ari> that.

Yuck.

Sure, it would be easy enough to add such an attribute, but adding the 
actual mechanism is quite another matter.

Sequence protection doesn't belong in IP.  It hasn't been there for 30 
years, and it doesn't make sense to add it now.  I very much doubt
that you could get agreement to add such a thing as a mandatory
capability (certainly I'd object loudly) or even as a recommended
capability. 

	paul
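
The receive-side mechanism under discussion (buffer out-of-order packets for a few milliseconds, deliver in sequence, drop whatever arrives after the gap has been given up on), as an added example that is not part of the original thread or of any IPsec implementation. The class name, the 5 ms hold time and the packet values are assumptions made for illustration.

```python
import heapq


class Resequencer:
    """Hypothetical reorder buffer keyed on the per-SA sequence number."""

    def __init__(self, hold_ms=5, first_seq=1):
        self.hold_ms = hold_ms      # assumed hold time; the thread says "a few milliseconds"
        self.next_seq = first_seq   # next sequence number owed to the upper layer
        self.heap = []              # buffered packets as (seq, arrival_ms, payload)
        self.dropped = []           # sequence numbers rejected as late or duplicate

    def receive(self, seq, payload, now_ms):
        """Accept one packet and return the payloads now deliverable in order."""
        if seq < self.next_seq or any(s == seq for s, _, _ in self.heap):
            # Already delivered, already skipped, or already buffered.
            self.dropped.append(seq)
        else:
            heapq.heappush(self.heap, (seq, now_ms, payload))
        return self.poll(now_ms)

    def poll(self, now_ms):
        """Release in-order packets; also called from a timer when nothing arrives."""
        out = []
        while self.heap:
            seq = self.heap[0][0]
            if seq != self.next_seq:
                # A gap precedes the lowest buffered packet. Wait until the
                # oldest buffered packet has been held for hold_ms.
                waited = now_ms - min(a for _, a, _ in self.heap)
                if waited < self.hold_ms:
                    break
                self.next_seq = seq  # give up on the missing packets
            out.append(heapq.heappop(self.heap)[2])
            self.next_seq += 1
        return out


if __name__ == "__main__":
    r = Resequencer()
    # Constructed arrivals: (seq, payload, arrival time in ms)
    for seq, payload, t in [(1, "a", 0), (3, "c", 1), (2, "b", 2), (5, "e", 3)]:
        print(t, seq, r.receive(seq, payload, t))
    print(8, "timer", r.poll(8))
    print(9, 4, r.receive(4, "d", 9), "dropped:", r.dropped)
```

Each gap holds back every later packet for up to `hold_ms`, and the receiver needs per-SA buffer state plus a timer in addition to the existing sequence-number check.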


