
RE: [Ipsec] Layer 2 processing inside IPsec




>  - ROHC requires that the lower layer not reorder packets, whereas
> IPsec includes replay protection with a sequence number, it does *not*
> put packets back into their original order on receive.
That’s the main problem, but if ROHC and IPsec were used just for the
access link (AFAIK that’s where it should be used), the problem is rather
small. (Single link, just 1 hop, probably no reordering.)

There should not be a problem using ROHC first and IPsec after that. Just
set up the SPD in the right way (e.g. Selector=IPs only). Unfortunately, ROHC
is not always able to reduce packet size so much that IPsec would not have
to fragment the ROHC packets... depends on your data.

ROHC was designed to be used over cellular links. I don't think that ROHC
would work that well over the Internet because of the problem with packet
reordering.

Lars

--
Lars Völker
Institute of Telematics, University of Karlsruhe 
Zirkel 2, 76128 Karlsruhe
Phone: +49 721 - 608 6397


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec