[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Re:] Re: Placement of IPSec...
hi,
i still cannot understand why BITW implementation need not
do any fragmentation, re-assembly. in my opinion, both BITW
and BITS implementations should suffer the same sort of overheads.
the IPSec RFC 2401 clearly mentions that IPSec processing is
to be done only on complete packets - this directly means that
even BITW implementations need to do re-assembly/fragmentation
(or, have i understood it wrongly?)
please clarify my doubt...
regards,
arvind.
On Thu, 21 Dec 2000 11:55:22 +0000
Amey Gokhale wrote:
>hello all,
>
>What Mr.Arvind says is true for BIS implementation of
>IPSec.The major issue in BIS implementation is duplicaiton
>of effort.It requires implementing most of the features of
>the network layer, such as fragmentation and route
>tables.Duplicating functionality leads to undesired
>complications and it becomes more difficult to handle
>issues such as fragmentation,PMTU and routing.
>
>BIW implementation is one of the two types of router
>implementation along with the native implementation.
>In BIW ,IPSec is implemented in a device that is attached
>to the physical interface of the router.This device
>normally does not run any routing algorithm but is used
>only to secure packets.So here no duplication of
>effort is required for fragmentation and route tables.
>
>But BIW is not a long term solution as it is not viable to
>have a device attached to every interface of the router.
>
>Another issue with router implementation is IPSec contexts.
>As the router has to store huge routing tables and normally
>does not have huge disks for virtual memory support,
>maintaining too many IPSec contexts is an issue.
>
>i may be wrong so plz. correct me if i am wrong.
>thanks in advance
>
>
-------------------------------------------
Arvind Devarajan
< - >
E-mail: arvindd@india.com OR arvindd@hotvoice.com
Get my PGP public key from http://arvind.freipsec.org/
--------------------------------------------------------------------------
Global Internet phone calls, voicemail, fax, e-mail and instant messaging.
Sign-up today for FREE account at http://www.hotvoice.com