
Re: Windows 2000 and Cisco router interoperability

>Mark,

>Please allow me to dispose of this view with some facts. First, L2TP is
>a standards track document that has support of many vendors, of which
>cisco and Microsoft are only two.
>
>Further, the fact that L2TP exists and is supported by both companies
>you single out is actually a tribute to support of IETF standards by
>each in the face of significant opposing development efforts. Clearly,
>if either were to try and capitalize on past development efforts as you
>suggest, L2TP would not exist and the world would have to choose between
>cisco's support of L2F and Microsoft's support of PPTP (each joint
>development efforts in their own right). No IETF. No standard RFC.

My understanding of the history is that L2TP represents a detente 
agreement between MS and Cisco in this arena, which was then brought 
to the IETF for standardization.  PPTP, and its impressive security 
complement, MPPE, make for a laughable combination.  I don't know 
what Cisco envisioned as security for L2F, but it is clear that the 
IESG mandated that L2TP not progress without a credible security 
component, and so L2TP adopted IPsec, but in a fashion that is 
architecturally questionable.

>Creation of L2TP and support of it is precisely the opposite of what you
>are claiming. Here Microsoft and cisco are both championing support of
>an IETF standard protocol, in direct opposition to that which each
>developed in-house and deployed first, and you are still branding
>both as evil?

Calling MS evil would be stating the obvious, as so many recent 
events have illustrated :-).

>
>  > sending non-IP packets, L2TP is appropriate, but if I am sending IP,
>  > then the extra headers introduced by L2TP are not only wasteful of
>  > bandwidth on a continuing basis, but they also interfere with the
>
>Let's talk facts again. On a highly scaled, high bandwidth system,
>header size becomes increasingly less important. Over slow dialup lines,
>of course, it is worthwhile to try and get the header as small as
>possible. Negotiate PPP ACFC and PFC, and you get 1 byte of PPP header.
>L2TP's typical header for a voluntary tunnel would be either 6 bytes, or
>perhaps even 1 byte if you perform l2tphc.
>
>2 bytes (or even 7 bytes w/o l2tphc) of overhead for l2tp and ppp is
>small potatoes compared to ESP tunnel mode on each packet.
>
>Also, you get all sorts of nifty things that PPP is working on to reduce
>overhead. For instance, draft-ietf-pppext-pppmux-00.txt allows you to
>frame small packets into a single PPP frame. Given IPsec's large header,
>multiplexing small packets into a single frame before encrypting and
>tunneling could result in a *significant* header overhead reduction.
>Care to add that to IPsec's repertoire of features too?

Reasonable points re my per-packet overhead criticism, although the 
excess is still just wasted space, whereas the ESP header is 
essential for the function in question. Still, from a single, dialup 
host, it's not clear under what circumstances the multi-packet muxing 
will be invoked.

Steve
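The overhead argument in the exchange above can be checked numerically. The following is an added example, not code from either correspondent: it takes the PPP and L2TP header sizes exactly as the quoted message states them (1-byte PPP header with ACFC and PFC, 6-byte L2TP data header, or 1 byte with l2tphc) and compares them with ESP tunnel-mode overhead, first with every IP packet encapsulated individually and then with several small packets multiplexed into one PPP frame before ESP is applied. The ESP figures are assumptions modelled on RFC 2406-era ESP with an 8-byte-block CBC cipher and a 96-bit ICV (20-byte outer IPv4 header, 8-byte SPI+sequence, 8-byte IV, padding to the block size, 2-byte trailer, 12-byte ICV); the 1-byte per-subframe multiplexing header and the decision to ignore the UDP/IP headers that carry L2TP are also modelling assumptions, the latter being the same simplification the quoted 2-byte and 7-byte figures make.

```python
"""Per-packet encapsulation overhead: ESP tunnel mode versus L2TP/PPP
framing, with and without PPP multiplexing of small packets.

Added example for the thread above; not code from either correspondent.
PPP/L2TP sizes follow the quoted message; the ESP and multiplexing
figures below are labelled assumptions.
"""

# --- ESP tunnel-mode parameters (ASSUMED: CBC cipher, 8-byte block, 96-bit ICV) ---
ESP_OUTER_IP = 20   # outer IPv4 header added by tunnel mode
ESP_SPI_SEQ = 8     # SPI + sequence number
ESP_IV = 8          # explicit IV for an 8-byte-block CBC cipher
ESP_TRAILER = 2     # pad-length + next-header
ESP_ICV = 12        # 96-bit integrity check value
ESP_BLOCK = 8       # cipher block size the ESP body is padded to

# --- PPP multiplexing (ASSUMED: 1-byte length field per subframe) ---
MUX_SUBFRAME_HDR = 1


def ppp_l2tp_overhead(l2tphc: bool = False) -> int:
    """Bytes added by PPP (1, with ACFC+PFC) plus L2TP (6, or 1 with l2tphc).

    Matches the quoted message: 7 bytes, or 2 with header compression.
    """
    return 1 + (1 if l2tphc else 6)


def esp_tunnel_overhead(inner_len: int, block: int = ESP_BLOCK) -> int:
    """Bytes ESP tunnel mode adds around an inner packet of inner_len bytes.

    The padded region is the inner packet plus the 2-byte trailer, rounded
    up to a multiple of the cipher block size.
    """
    body = inner_len + ESP_TRAILER
    pad = (-body) % block
    return ESP_OUTER_IP + ESP_SPI_SEQ + ESP_IV + pad + ESP_TRAILER + ESP_ICV


def individual_overhead(packet_lens: list[int]) -> int:
    """Total overhead when every IP packet gets its own ESP tunnel-mode wrap."""
    return sum(esp_tunnel_overhead(n) for n in packet_lens)


def muxed_overhead(packet_lens: list[int], l2tphc: bool = False) -> int:
    """Total overhead when the packets are multiplexed into one PPP frame,
    carried in L2TP, and that single frame is then protected by ESP.

    Framing = PPP + L2TP headers + one multiplexing header per subframe;
    ESP is paid once for the whole frame (UDP/IP carrying L2TP ignored).
    """
    if not packet_lens:
        return 0
    framing = ppp_l2tp_overhead(l2tphc) + MUX_SUBFRAME_HDR * len(packet_lens)
    inner = sum(packet_lens) + framing
    return framing + esp_tunnel_overhead(inner)


def compare(packet_lens: list[int], l2tphc: bool = False) -> dict:
    """Side-by-side per-packet average for both encapsulation strategies."""
    n = len(packet_lens)
    ind = individual_overhead(packet_lens)
    mux = muxed_overhead(packet_lens, l2tphc)
    return {
        "packets": n,
        "payload_bytes": sum(packet_lens),
        "esp_each": ind,
        "esp_each_avg": ind / n,
        "muxed_total": mux,
        "muxed_avg": mux / n,
    }


if __name__ == "__main__":
    # Constructed sample traffic: a burst of 40-byte packets (bare TCP ACKs)
    # and a single near-MTU packet, as a dialup host might send.
    small_burst = [40, 40, 40, 40]
    one_large = [1480]
    for label, lens in (("4 x 40-byte packets", small_burst), ("1 x 1480-byte packet", one_large)):
        r = compare(lens)
        print(f"{label}: ESP each {r['esp_each']} B ({r['esp_each_avg']:.0f}/pkt), "
              f"muxed+L2TP/PPP+ESP {r['muxed_total']} B ({r['muxed_avg']:.0f}/pkt)")
```

With these assumptions the burst of four small packets costs 224 bytes when each is wrapped individually but 64 bytes when multiplexed first, while the single large packet pays 8 bytes more under multiplexing than with plain ESP, which is the case Steve's closing remark is about: the saving only appears when several packets are queued at once.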