[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPSec Standard - No Flow Control?
I have a question regarding IPsec inner workings.....
Is there a provision for Flow Control in the IPSec Standards?
I understand that IPSec essentially runs at Layer 3 which does not include
flow control algorithms (usually left to Layer 4 protocols such as TCP);
however I have noticed in live implementations of the protocol, long delay
networks (250ms round-trip) suffer serious performance issues when compared
to non-encrypted TCP communications such as Ftp's, using large (64k) TCP
Receive Windows. Trace analysis shows a large percentage of time spent
waiting for ACKs to transmitted ESP packets. Is there no way to control
the amount of data "in flight", ie setting a higher Window? Using IPSec
Encapsulation seems to override or Break the TCP Windows set in the
encrypted packet headers, do to its own method of flow control (or lack
thereof).....
I am wondering if this was overlooked?
Thanks,
___________________________________
Rett D. Walters
Network Architect
Payless ShoeSource Inc.
Phone: 785-295-2049, Fax: 785-295-6666
Email: rett.walters@payless.com
Follow-Ups: