By the way, header compression in IPsec is standardized in RFC 5856/7/8.
I don't know if anybody's implemented this stuff.
Yaron
On 16/11/2011 18:37, Paul Wouters wrote:
On Tue, 15 Nov 2011, Vilhelm Jutvik wrote:
As for the (apparently widely held) belief that transport mode is
redundant I would like to voice my opinion in defense of it: Tunnel
mode incurs an overhead due to the extra IP header. In the case of
IPv6 that overhead will be over 40 bytes and will hardware resources
as well as bandwidth. Ferguson and Schneier propose a compression
scheme (section "Protocols") for reducing this overhead, but that
suggestion is tantamount to proposing a new mode and would take much
time and work to introduce in the current implementations.
L2TP/IPsec stacks I know (Microsoft, OSX, xl2tpd/pppd, iOS) set the
MTU/MRU on the ppp address to about 1200 anyway. So any argument that
it saves so many bytes is lost in actual deployments where people put a
huge safety margin in to avoid mtu and fragmentation issues.
If your assigned IP goes to mtu 1200, you really have not gained a few
bytes by picking transport mode over tunnel mode.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec