
IPSec Standard - No Flow Control?




It may be that what you're seeing is an artifact of the
replay sequence number processing not allowing the
full TCP receive window's worth of in flight data.
Typically, the replay window is about 32-64 bits,
which may be on the edge of interfering with your
TCP window. Adjusting its window upward may help,
but it's possible that there may be some limits to
the size.

       Mike

Rett_Walters@payless.com writes:
 > I have a question regarding IPsec inner workings.....
 > 
 > Is there a provision for Flow Control in the IPSec Standards?
 > 
 > I understand that IPSec essentially runs at Layer 3 which does not include
 > flow control algorithms (usually left to Layer 4 protocols such as TCP);
 > however I have noticed in live implementations of the protocol, long delay
 > networks (250ms round-trip) suffer serious performance issues when compared
 > to non-encrypted TCP communications such as Ftp's, using large (64k) TCP
 > Receive Windows.  Trace analysis shows a large percentage of time spent
 > waiting for ACKs to transmitted ESP packets.  Is there no way to control
 > the amount of data "in flight", i.e. setting a higher Window?   Using IPSec
 > Encapsulation seems to override or Break the TCP Windows set in the
 > encrypted packet headers, due to its own method of flow control (or lack
 > thereof).....
 > 
 > I am wondering if this was overlooked?
 > 
 > Thanks,
 > 
 > ___________________________________
 > Rett D. Walters
 > Network Architect
 > Payless ShoeSource Inc.
 > Phone: 785-295-2049, Fax: 785-295-6666
 > Email: rett.walters@payless.com
 > 
 > 
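The interaction suggested in the reply can be reproduced with a small model. This is an added example, not part of the original messages or of any IPsec implementation: a bitmap sliding-window anti-replay check run over a constructed arrival order in which one ESP packet is delayed behind a full 64 KB TCP window of later packets. The 1460-byte segment size, the packet counts and all names are assumptions.

```python
# Added illustration: receiver-side anti-replay window over ESP sequence numbers.
TCP_WINDOW = 64 * 1024            # receive window from the question (64k)
MSS = 1460                        # assumed segment size, one segment per ESP packet
IN_FLIGHT = TCP_WINDOW // MSS     # packets the sender may have outstanding (44)

class ReplayWindow:
    def __init__(self, size):
        self.size = size          # window width in packets
        self.top = 0              # highest sequence number accepted so far
        self.bitmap = 0           # bit i set => sequence (top - i) already seen

    def check_and_update(self, seq):
        """Classify an authenticated packet as 'ok', 'replay' or 'too_old'."""
        if seq == 0:
            return "too_old"      # ESP sequence numbers start at 1
        if seq > self.top:        # advances the right edge of the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.size:   # fell off the left edge: dropped unseen
            return "too_old"
        if self.bitmap & (1 << offset):
            return "replay"       # already received once
        self.bitmap |= 1 << offset
        return "ok"

def delayed_arrivals(total, late_seq, delay):
    """Constructed order: late_seq arrives after `delay` later packets."""
    order = [s for s in range(1, total + 1) if s != late_seq]
    order.insert(late_seq - 1 + delay, late_seq)
    return order

def run(window_size, arrivals):
    window = ReplayWindow(window_size)
    counts = {"ok": 0, "replay": 0, "too_old": 0}
    for seq in arrivals:
        counts[window.check_and_update(seq)] += 1
    return counts

def demo():
    # Packet 5 is overtaken by one full TCP window; packet 90 is duplicated.
    arrivals = delayed_arrivals(100, late_seq=5, delay=IN_FLIGHT) + [90]
    return {size: run(size, arrivals) for size in (32, 64)}

if __name__ == "__main__":
    for size, counts in demo().items():
        print(f"replay window {size}: {counts}")
```

With a 32-packet window the delayed packet is discarded as too old and TCP has to retransmit it; with a 64-packet window it is accepted, and the duplicate is rejected in both cases.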

