On Tue, 15 Nov 2011, Vilhelm Jutvik wrote:
> As for the (apparently widely held) belief that transport mode is redundant, I would like to voice my opinion in defense of it: tunnel mode incurs an overhead due to the extra IP header. In the case of IPv6 that overhead will be over 40 bytes and will cost hardware resources as well as bandwidth. Ferguson and Schneier propose a compression scheme (section "Protocols") for reducing this overhead, but that suggestion is tantamount to proposing a new mode and would take much time and work to introduce into the current implementations.
L2TP/IPsec stacks I know (Microsoft, OS X, xl2tpd/pppd, iOS) set the MTU/MRU on the PPP address to about 1200 anyway. So any argument that it saves so many bytes is lost in actual deployments, where people put a huge safety margin in to avoid MTU and fragmentation issues. If your assigned IP goes to MTU 1200, you really have not gained a few bytes by picking transport mode over tunnel mode.

Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
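The two posts above argue about how many bytes tunnel mode costs over transport mode and whether that matters once the PPP MTU is pinned to about 1200. The calculator below is an added example, not code from either poster or from any IPsec implementation; it works the per-packet ESP budget out from the fixed header sizes (IPv4/IPv6 header, ESP header and trailer, RFC 4303 padding alignment) so the two claims can be checked against each other. The cipher parameters (AES-CBC with HMAC-SHA1-96, AES-GCM-16) and the L2TP and PPP header lengths are assumptions chosen to resemble a common deployment, not measurements of any particular stack.

```python
"""ESP overhead budget: transport vs tunnel mode, and the L2TP/IPsec case.

Added example, not from the thread. Fixed sizes follow RFC 791 / RFC 8200 (IP),
RFC 4303 (ESP), RFC 3948 (UDP encapsulation), RFC 2661 (L2TP) and RFC 1661 (PPP).
Cipher parameters and the L2TP/PPP header lengths are assumptions.
"""
from dataclasses import dataclass

IP_HDR = {4: 20, 6: 40}   # IPv4 header without options, IPv6 base header
ESP_HDR = 8               # SPI (4) + sequence number (4)
ESP_TRAILER = 2           # pad length (1) + next header (1)
UDP_HDR = 8
L2TP_HDR = 8              # flags/version, length, tunnel ID, session ID (assumes L bit set)
PPP_HDR = 4               # address, control, protocol (assumes no ACFC/PFC compression)


@dataclass(frozen=True)
class EspCipher:
    name: str
    iv_len: int    # explicit IV carried in every packet
    align: int     # alignment the cipher needs for Payload+Padding+Trailer
    icv_len: int   # integrity check value appended after the trailer


# Assumed cipher suites; sizes are those the algorithms use, the choice is ours.
AES_CBC_HMAC_SHA1 = EspCipher("aes128-cbc + hmac-sha1-96", iv_len=16, align=16, icv_len=12)
AES_GCM = EspCipher("aes128-gcm-16", iv_len=8, align=4, icv_len=16)


def esp_padding(plaintext_len: int, cipher: EspCipher) -> int:
    """RFC 4303 2.4: Payload + Padding + Pad Length + Next Header must be a multiple
    of 4 bytes, and of the cipher block size for a block cipher in CBC mode."""
    align = max(cipher.align, 4)
    return (-(plaintext_len + ESP_TRAILER)) % align


def esp_wire_size(packet_len: int, family: int, cipher: EspCipher, mode: str) -> int:
    """On-wire length of an IP packet of packet_len bytes after ESP protection.

    transport: the original IP header stays outside; only its payload is encrypted.
    tunnel:    the whole packet is encrypted and a new outer header (same address
               family as the inner one here) is prepended.
    """
    if mode == "transport":
        plaintext = packet_len - IP_HDR[family]
    elif mode == "tunnel":
        plaintext = packet_len
    else:
        raise ValueError(f"unknown mode {mode!r}")
    pad = esp_padding(plaintext, cipher)
    return (IP_HDR[family] + ESP_HDR + cipher.iv_len
            + plaintext + pad + ESP_TRAILER + cipher.icv_len)


def tunnel_overhead_vs_transport(packet_len: int, family: int, cipher: EspCipher) -> int:
    """Extra bytes tunnel mode costs for this packet: one outer IP header, plus or
    minus whatever the padding drifts because the plaintext start moved."""
    return (esp_wire_size(packet_len, family, cipher, "tunnel")
            - esp_wire_size(packet_len, family, cipher, "transport"))


def max_packet_for_mtu(link_mtu: int, family: int, cipher: EspCipher, mode: str) -> int:
    """Largest original IP packet that still fits link_mtu once ESP is applied."""
    best = 0
    for n in range(IP_HDR[family], link_mtu + 1):
        if esp_wire_size(n, family, cipher, mode) <= link_mtu:
            best = n
    return best


def l2tp_ipsec_wire_size(ppp_mtu: int, cipher: EspCipher, outer_family: int = 4,
                         nat_t: bool = True) -> int:
    """L2TP/IPsec as deployed: an IP packet of ppp_mtu bytes inside PPP inside L2TP
    inside UDP, protected by ESP in transport mode, optionally UDP-encapsulated."""
    udp_payload = PPP_HDR + L2TP_HDR + ppp_mtu
    inner = IP_HDR[outer_family] + UDP_HDR + udp_payload   # packet transport-mode ESP sees
    size = esp_wire_size(inner, outer_family, cipher, "transport")
    return size + (UDP_HDR if nat_t else 0)   # RFC 3948 header sits between IP and ESP


if __name__ == "__main__":
    for fam in (4, 6):
        for c in (AES_CBC_HMAC_SHA1, AES_GCM):
            print(f"IPv{fam} {c.name}: tunnel costs "
                  f"{tunnel_overhead_vs_transport(1000, fam, c)} bytes more on a 1000-byte packet; "
                  f"max packet at link MTU 1500: transport "
                  f"{max_packet_for_mtu(1500, fam, c, 'transport')}, tunnel "
                  f"{max_packet_for_mtu(1500, fam, c, 'tunnel')}")
    print("L2TP/IPsec, PPP MTU 1200, AES-CBC, NAT-T:",
          l2tp_ipsec_wire_size(1200, AES_CBC_HMAC_SHA1), "bytes on the wire")
```

With AES-GCM the tunnel-mode penalty is exactly one outer header (20 bytes for IPv4, 40 for IPv6); with AES-CBC the 16-byte padding alignment makes it swing either side of that depending on packet length, which is why a per-packet figure rather than a fixed constant is the honest number. The last line shows Paul's point: a 1200-byte packet on the PPP link comes out near 1300 bytes on a 1500-byte link, so the 20 bytes that transport mode saves are well inside the margin the stacks already leave.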
