[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Placement of IPSec...

	i just had a doubt - where is IPSec placed in the network stack? 
conceptually, IPSec should be placed like this (please comment 
if wrong):

             |      IP other functions   |
             |     (Like routing, etc.)   |
             |                                  |
             |            IPSec              |
             |                                  |
             |   IP Fragmentation and |
             |   Re-assembly            |

this means, IP will have to be broken down, to insert IPSec. 
Does this mean that IPSec cannot be inserted if i do not have 
the IP code? 

supposing i do not have the IP code. i'll go for the Bump-In-Stack 
or Bump-In-Wire implementation, which means i'll have to duplicate 
re-assembly and fragmentation code from IP. this will hinder 

can someone throw some light on this - is it possible to have 
IPSec in BIS or BIW, without duplication of IP functionality, 
or, is there any other way that i can insert IPSec without having 
IP code?

thanking you,

Arvind Devarajan
< - >
E-mail: arvindd@india.com OR arvindd@hotvoice.com
Get my PGP public key from http://arvind.freipsec.org/

Global Internet phone calls, voicemail, fax, e-mail and instant messaging.
Sign-up today for FREE account at http://www.hotvoice.com