
IKEv2: limitation of 4k for UDP payload



Hi,

I understand this was discussed several times and I could not find a clear answer. Please bear with me and I hope somebody clarifies it for me.

I have a practical problem where one of the TCP/IP stacks which I am working with has a limitation of 4K for UDP payload. I understand, when certificate authentication is involved, IKE not only sends the certificate but also multiple CA certificates (if cross chaining is present). This might overshoot the 4K limit. We are trying to work with the TCP/IP stack vendor to increase this.

But I had this doubt: why is UDP chosen for IKE over TCP? If TCP is chosen, there is no limitation on the payload. It seems the DNS RFC does this. It listens on both UDP and TCP port 53. Why can't IKEv2 also standardize both UDP and TCP port 4500?

Thanks in advance

--
The views presented in this mail are completely mine. The company is not responsible for whatsoever.
----------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184
ROC home page
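
An added example, not part of the original message: a size estimate for an IKE_AUTH message on UDP port 4500 that shows how many certificates of a chain fit under the 4K stack limit described above. The function names, the certificate sizes, the 400-byte figure for the other payloads and the AES-CBC with HMAC-SHA2-256-128 parameters are assumptions chosen for illustration.

```python
import struct

IKE_HDR = 28         # fixed IKE header (RFC 7296, section 3.1)
GEN_HDR = 4          # generic payload header
NON_ESP_MARKER = 4   # four zero octets that precede IKE on UDP port 4500
CERT_X509_SIG = 4    # Cert Encoding "X.509 Certificate - Signature"

def cert_payload(der, next_payload=0):
    """Encode one CERT payload: generic header, encoding octet, DER bytes."""
    body = bytes([CERT_X509_SIG]) + der
    return struct.pack("!BBH", next_payload, 0, GEN_HDR + len(body)) + body

def sk_payload_len(inner_len, iv_len=16, icv_len=16, block=16):
    """Size of the Encrypted (SK) payload that wraps inner_len bytes.
    Defaults assume AES-CBC with HMAC-SHA2-256-128 (an assumption)."""
    # Plaintext + padding + 1-octet Pad Length must fill whole cipher blocks.
    padded = -(-(inner_len + 1) // block) * block
    return GEN_HDR + iv_len + padded + icv_len

def ike_auth_udp_len(cert_ders, other_len, port4500=True):
    """UDP payload size of an IKE_AUTH message carrying the given certs."""
    inner = other_len + sum(len(cert_payload(d)) for d in cert_ders)
    marker = NON_ESP_MARKER if port4500 else 0
    return marker + IKE_HDR + sk_payload_len(inner)

def certs_that_fit(cert_ders, other_len, limit=4096):
    """How many certificates, end-entity first, fit under the stack limit."""
    count = 0
    for n in range(1, len(cert_ders) + 1):
        if ike_auth_udp_len(cert_ders[:n], other_len) > limit:
            break
        count = n
    return count

# Constructed sample input: placeholder bytes with typical DER sizes, not real
# certificates. OTHER_LEN stands in for IDi, AUTH, SA, TSi and TSr together.
CHAIN = [bytes(1200), bytes(1400), bytes(1500)]   # end-entity, sub-CA, cross cert
OTHER_LEN = 400

if __name__ == "__main__":
    for n in range(1, len(CHAIN) + 1):
        size = ike_auth_udp_len(CHAIN[:n], OTHER_LEN)
        print(f"{n} cert(s): {size} bytes, fits in 4096: {size <= 4096}")
    print("certificates that fit:", certs_that_fit(CHAIN, OTHER_LEN))
```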