[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Ipsec] big IKE packets

To: "Dan McDonald" <danmcd@east.sun.com>, <ipsec@lists.tislabs.com>, <pki4ipsec@honor.icsalabs.com>
Subject: RE: [Ipsec] big IKE packets
From: "Bob Doud" <BDoud@hifn.com>
Date: Tue, 31 Aug 2004 16:56:51 -0400
Cc:
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
Sender: ipsec-bounces@ietf.org
Thread-index: AcSPm4ofUd3tkgMRSmm4K54Z1cEqBgAARijA
Thread-topic: [Ipsec] big IKE packets

> 
> Can't modern firewalls tag the initial segment's ID, and let 
> matching IDs
> through?  I know there's packet reordering and 
> implementations that send the
> last fragment first, but the former is relatively rare, and 
> the latter can be fixed.

Keep in mind that Linux implemenations send out the last
fragment first, so you're going to see a lot of that.  We're
not going to hold our breath waiting for that to be changed!

Bob

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Prev by Date: Re: [Pki4ipsec] Re: [Ipsec] big IKE packets
Next by Date: Re: [Ipsec] big IKE packets
Previous by thread: Re: [Pki4ipsec] Re: [Ipsec] big IKE packets
Next by thread: [Ipsec] foto
Index(es):
- Date
- Thread