[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Re:] Re: Placement of IPSec...

To: agokhale@postmaster.co.uk
Subject: [Re:] Re: Placement of IPSec...
From: Arvind Devarajan <arvindd@hotvoice.com>
Date: Thu, 21 Dec 2000 04:44:27 -0800 (PST)
Cc: ipsec@lists.tislabs.com, freipsec@egroups.com
Sender: owner-ipsec@lists.tislabs.com

hi,
	i still cannot understand why BITW implementation need not 
do any fragmentation, re-assembly. in my opinion, both BITW 
and BITS implementations should suffer the same sort of overheads.
	the IPSec RFC 2401 clearly mentions that IPSec processing is 
to be done only on complete packets - this directly means that 
even BITW implementations need to do re-assembly/fragmentation 
(or, have i understood it wrongly?)
	please clarify my doubt...

regards,
arvind.

On Thu, 21 Dec 2000 11:55:22 +0000
Amey Gokhale wrote:

>hello all,
>
>What Mr.Arvind says is true for BIS implementation of 
>IPSec.The major issue in BIS implementation is duplicaiton 
>of effort.It requires implementing most of the features of 
>the network layer, such as fragmentation and route 
>tables.Duplicating functionality leads to undesired 
>complications and it becomes more difficult to handle 
>issues such as fragmentation,PMTU and routing.
>
>BIW implementation is one of the two types of router 
>implementation along with the native implementation.
>In BIW ,IPSec is implemented in a device that is attached 
>to the physical interface of the router.This device 
>normally does not run any routing algorithm but is used 
>only to secure packets.So here no duplication of 
>effort is required for fragmentation and route tables.
>
>But BIW is not a long term solution as it is not viable to 
>have a device attached to every interface of the router.
>
>Another issue with router implementation is IPSec contexts.
>As the router has to store huge routing tables and normally 
>does not have huge disks for virtual memory support, 
>maintaining too many IPSec contexts is an issue.
>
>i may be wrong so plz. correct me if i am wrong.
>thanks in advance
>
>




-------------------------------------------
Arvind Devarajan
< - >
E-mail: arvindd@india.com OR arvindd@hotvoice.com
Get my PGP public key from http://arvind.freipsec.org/


--------------------------------------------------------------------------
Global Internet phone calls, voicemail, fax, e-mail and instant messaging.
Sign-up today for FREE account at http://www.hotvoice.com

Prev by Date: Re: Placement of IPSec...
Next by Date: Re: [Re:] Re: Placement of IPSec...
Prev by thread: Re: Placement of IPSec...
Next by thread: Re: [Re:] Re: Placement of IPSec...
Index(es):
- Main
- Thread