[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Placement of IPSec...
hi,
i just had a doubt - where is IPSec placed in the network stack?
conceptually, IPSec should be placed like this (please comment
if wrong):
+----------------+
| IP other functions |
| (Like routing, etc.) |
+----------------+
| |
| IPSec |
+-----------------+
| |
| IP Fragmentation and |
| Re-assembly |
+-----------------+
this means, IP will have to be broken down, to insert IPSec.
Does this mean that IPSec cannot be inserted if i do not have
the IP code?
supposing i do not have the IP code. i'll go for the Bump-In-Stack
or Bump-In-Wire implementation, which means i'll have to duplicate
re-assembly and fragmentation code from IP. this will hinder
performance.
can someone throw some light on this - is it possible to have
IPSec in BIS or BIW, without duplication of IP functionality,
or, is there any other way that i can insert IPSec without having
IP code?
thanking you,
arvind.
-------------------------------------------
Arvind Devarajan
< - >
E-mail: arvindd@india.com OR arvindd@hotvoice.com
Get my PGP public key from http://arvind.freipsec.org/
--------------------------------------------------------------------------
Global Internet phone calls, voicemail, fax, e-mail and instant messaging.
Sign-up today for FREE account at http://www.hotvoice.com