Re: IPSec Standard - No Flow Control?
There are no ACKs to ESP packets. The encapsulated TCP should be
handling the ACKs at (encrypted) layer-4. Could you explain what you
mean by a "trace analysis showing a large percentage of time spent
waiting for ACKs to transmitted ESP packets"? Also, what platform(s)
and IPsec implementation(s) are you using?
-derek
Rett_Walters@payless.com writes:
> I have a question regarding IPsec inner workings.....
>
> Is there a provision for Flow Control in the IPSec Standards?
>
> I understand that IPSec essentially runs at Layer 3 which does not include
> flow control algorithms (usually left to Layer 4 protocols such as TCP);
> however I have noticed in live implementations of the protocol, long delay
> networks (250ms round-trip) suffer serious performance issues when compared
> to non-encrypted TCP communications such as FTPs, using large (64k) TCP
> Receive Windows. Trace analysis shows a large percentage of time spent
> waiting for ACKs to transmitted ESP packets. Is there no way to control
> the amount of data "in flight", i.e., setting a higher Window? Using IPSec
> Encapsulation seems to override or break the TCP Windows set in the
> encrypted packet headers, due to its own method of flow control (or lack
> thereof).....
>
> I am wondering if this was overlooked?
>
> Thanks,
>
> ___________________________________
> Rett D. Walters
> Network Architect
> Payless ShoeSource Inc.
> Phone: 785-295-2049, Fax: 785-295-6666
> Email: rett.walters@payless.com
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available