
Re: Windows 2000 and Cisco router interoperability



Stephen Kent wrote:
> 
> At 2:54 PM -0700 5/10/00, CHINNA N.R. PELLACURU wrote:
> >I can't speak for the whole of Cisco, but the way I look at it is:
> >
> >Modeconfig/Xauth are being supported as quick hack to get something to
> >work, and get something to customers, until there is a client that can do
> >IPSec and L2TP.
> >
> >I believe that it is not our long term vision, to ship Modeconfig/Xauth. I
> >believe that Cisco's long term goal is to follow whatever is standardized
> >in the IPSRA WG, because that's what IPSRA WG is chartered to solve.
> >
> 
> That's one view.
> 
> Another perspective is that L2TP over IPsec represents an effort by
> Microsoft & Cisco to preserve a joint development investment in L2TP,
> irrespective of its technical merit in this context :-). If I am

Please allow me to dispose of this view with some facts. First, L2TP is
a standards track document that has support of many vendors, of which
cisco and Microsoft are only two. 

Further, the fact that L2TP exists and is supported by both companies
you single out is actually a tribute to support of IETF standards by
each in the face of significant opposing development efforts. Clearly,
if either were to try and capitalize on past development efforts as you
suggest, L2TP would not exist and the world would have to choose between
cisco's support of L2F and Microsoft's support of PPTP (each a joint
development effort in its own right). No IETF. No standard RFC. 

Creation of L2TP and support of it is precisely the opposite of what you
are claiming. Here Microsoft and cisco are both championing support of
an IETF standard protocol, in direct opposition to that which each
developed in-house and deployed first, and you are still branding
both as evil? 

> sending non-IP packets, L2TP is appropriate, but if I am sending IP,
> then the extra headers introduced by L2TP are not only wasteful of
> bandwidth on a continuing basis, but they also interfere with the

Let's talk facts again. On a highly scaled, high bandwidth system,
header size becomes increasingly less important. Over slow dialup lines,
of course, it is worthwhile to try and get the header as small as
possible. Negotiate PPP ACFC and PFC, and you get 1 byte of PPP header.
L2TP's typical header for a voluntary tunnel would be either 6 bytes, or
perhaps even 1 byte if you perform l2tphc. 

2 bytes (or even 7 bytes w/o l2tphc) of overhead for l2tp and ppp is
small potatoes compared to ESP tunnel mode on each packet.

Also, you get all sorts of nifty things that PPP is working on to reduce
overhead. For instance, draft-ietf-pppext-pppmux-00.txt allows you to
frame small packets into a single PPP frame. Given IPsec's large header,
multiplexing small packets into a single frame before encrypting and
tunneling could result in a *significant* header overhead reduction.
Care to add that to IPsec's repertoire of features too? 

> access controls that are an essential part of IPsec. One needs some
> means of dealing with bind time connection parameters, but use of
> L2TP on a continuing basis is an expensive means of achieving this
> goal.
> 
> Steve
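
An added example, not part of this thread, that puts the header-overhead argument above into numbers: it computes the per-packet bytes added by ESP tunnel mode versus PPP/L2TP/UDP carried inside ESP transport mode, including CBC block padding. The header sizes (IPv4 20, ESP 8, UDP 8, HMAC-SHA1-96 ICV 12), the UDP encapsulation of L2TP and the cipher parameters are assumptions taken from the RFCs, not figures stated in the message.

```python
"""Per-packet overhead: ESP tunnel mode vs. PPP/L2TP/UDP inside ESP transport mode.

Assumed constants (standard header sizes, not from the mailing-list message):
IPv4 header 20, ESP header 8 (SPI + sequence), ESP trailer 2 (pad length +
next header), UDP header 8 (L2TP is carried over UDP per RFC 2661).
"""

IP_HDR = 20
ESP_HDR = 8
ESP_TRAILER = 2
UDP_HDR = 8


def esp_encrypted_len(payload_len, block):
    """Return (padding, encrypted_len): with a CBC cipher the payload, padding
    and 2-byte trailer must end on a cipher-block boundary."""
    pad = (-(payload_len + ESP_TRAILER)) % block
    return pad, payload_len + pad + ESP_TRAILER


def esp_tunnel_overhead(inner_len, block=16, iv=16, icv=12):
    """Bytes added when an IP packet of inner_len bytes is sent in ESP tunnel
    mode: new outer IP header + ESP header + IV + padding/trailer + ICV."""
    _, enc = esp_encrypted_len(inner_len, block)
    return IP_HDR + ESP_HDR + iv + enc + icv - inner_len


def l2tp_esp_transport_overhead(inner_len, block=16, iv=16, icv=12,
                                l2tp_hdr=6, ppp_hdr=1, udp_hdr=UDP_HDR):
    """Bytes added when the same IP packet rides PPP -> L2TP -> UDP, protected
    by ESP transport mode (the host's own IP header is the outer header).
    l2tp_hdr: 6 for the minimal L2TP data header, 1 with L2TPHC;
    ppp_hdr: 1 with ACFC+PFC negotiated, 4 without."""
    payload = udp_hdr + l2tp_hdr + ppp_hdr + inner_len
    _, enc = esp_encrypted_len(payload, block)
    return IP_HDR + ESP_HDR + iv + enc + icv - inner_len


def compare(inner_len, **cipher):
    """Overhead of each encapsulation for one packet size; the extra cost of
    L2TP/PPP is quantised to the cipher block because of ESP padding."""
    tunnel = esp_tunnel_overhead(inner_len, **cipher)
    l2tp = l2tp_esp_transport_overhead(inner_len, **cipher)
    l2tphc = l2tp_esp_transport_overhead(inner_len, l2tp_hdr=1, **cipher)
    return {"esp_tunnel": tunnel, "l2tp": l2tp, "l2tphc": l2tphc}


if __name__ == "__main__":
    # Constructed sample sizes: a 40-byte TCP ACK and a 1400-byte data packet,
    # for AES-CBC (16-byte block/IV) and 3DES-CBC (8-byte block/IV).
    for size in (40, 1400):
        print(size, "AES ", compare(size, block=16, iv=16))
        print(size, "3DES", compare(size, block=8, iv=8))
```

With an 8-byte block cipher and L2TPHC the L2TP/PPP encapsulation costs one extra block; with 16-byte blocks the padding absorbs the difference between the 6-byte and 1-byte L2TP headers.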

