Placement of IPSec...

[Arvind Devarajan <arvindd@hotvoice.com>]

hi,
	i just had a doubt - where is IPSec placed in the network stack? 
conceptually, IPSec should be placed like this (please comment 
if wrong):

             +----------------+
             |      IP other functions   |
             |     (Like routing, etc.)   |
             +----------------+
             |                                  |
             |            IPSec              |
            +-----------------+
             |                                  |
             |   IP Fragmentation and |
             |   Re-assembly            |
            +-----------------+

this means, IP will have to be broken down, to insert IPSec. 
Does this mean that IPSec cannot be inserted if i do not have 
the IP code? 

supposing i do not have the IP code. i'll go for the Bump-In-Stack 
or Bump-In-Wire implementation, which means i'll have to duplicate 
re-assembly and fragmentation code from IP. this will hinder 
performance.

can someone throw some light on this - is it possible to have 
IPSec in BIS or BIW, without duplication of IP functionality, 
or, is there any other way that i can insert IPSec without having 
IP code?

thanking you,
arvind.




-------------------------------------------
Arvind Devarajan
< - >
E-mail: arvindd@india.com OR arvindd@hotvoice.com
Get my PGP public key from http://arvind.freipsec.org/


--------------------------------------------------------------------------
Global Internet phone calls, voicemail, fax, e-mail and instant messaging.
Sign-up today for FREE account at http://www.hotvoice.com

---

• Prev by Date: Re: build the non-kernel FreeS/WAN programs and install them in /usr/local/sbin
• Next by Date: Re: IKE attributes consistency.
• Prev by thread: Re: build the non-kernel FreeS/WAN programs and install them in /usr/local/sbin
• Next by thread: Re: Placement of IPSec...
• Index(es):
  • Main
  • Thread