Hi Valery,

IKEv2 fragmentation is mostly used for large-sized packets. There are use cases when our implementation needs to send a huge-sized packet over the IKEv2 control plane channel. On a lossy network, if one of the fragments is lost, using the current draft, the responder will not be able to reassemble the IKEv2 packet, so the initiator needs to retransmit all the fragments again.

If we are already going for integrity-protected encryption for each fragment, has the option of an ACK response for each fragment using the encrypted fragment payload been investigated? Using the encrypted fragment payload for the ACK of a fragment, if some fragments are lost while retransmitting, we can retransmit only those fragments for which we have not received an ACK. The solution works well for time-critical, large-sized control packets; on the downside, it incurs ACK overhead for each fragment on networks where there is no packet loss.

In a constrained-device environment, the need for fragmentation will be greater, as these networks can carry a limited size of packet. More retransmissions on lossy and constrained devices will consume more battery too. At the same time, these networks are lossy in nature, so having an ACK mechanism for fragments makes more sense.

Kind Regards,
Raj

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Valery Smyslov
Sent: Monday, September 09, 2013 6:34 PM
To: [email protected]
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-02.txt

Hi all,

I've just posted a new version of the IKEv2 Fragmentation draft. It addresses Yaron's comments on the -01 version.

Regards,
Valery Smyslov.

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the IP Security Maintenance and
> Extensions Working Group of the IETF.
>
>     Title     : IKEv2 Fragmentation
>     Author(s) : Valery Smyslov
>     Filename  : draft-ietf-ipsecme-ikev2-fragmentation-02.txt
>     Pages     : 20
>     Date      : 2013-09-09
>
> Abstract:
>    This document describes the way to avoid IP fragmentation of large
>    IKEv2 messages. This allows IKEv2 messages to traverse network
>    devices that don't allow IP fragments to pass through.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-fragmentation
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-fragmentation-02
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-ikev2-fragmentation-02
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
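
The trade-off raised in the first message of this thread, worked through as an added example that is not part of any post or of the draft: a toy delivery model that counts large fragments and small feedback datagrams when every retransmission resends the whole message versus when only un-ACKed fragments are resent. The function names, the per-fragment ACK behaviour, the assumption that the responder keeps fragments it already holds, and the loss schedules are all constructed for illustration.

```python
# Toy delivery model (added example, not the draft's wire format).
# Loss schedules are constructed: sets of (attempt, fragment_index) pairs.
# Both functions return (fragments_sent, feedback_datagrams_sent).

def resend_all(n, lost_frags=(), lost_resp=(), max_attempts=20):
    """No per-fragment feedback: every retransmission resends all n fragments.
    Assumption: the responder keeps fragments it already holds and answers
    once, with the ordinary response, when the message is complete."""
    have, frags, resps = set(), 0, 0
    for attempt in range(1, max_attempts + 1):
        for i in range(n):
            frags += 1
            if (attempt, i) not in lost_frags:
                have.add(i)
        if len(have) == n:
            resps += 1
            if attempt not in lost_resp:   # initiator sees the response
                return frags, resps
    raise TimeoutError("exchange never completed")

def resend_unacked(n, lost_frags=(), lost_acks=(), max_attempts=20):
    """Hypothetical per-fragment ACK: only fragments still lacking an ACK
    are resent, so a lost ACK costs one extra fragment."""
    unacked, frags, acks = set(range(n)), 0, 0
    for attempt in range(1, max_attempts + 1):
        for i in sorted(unacked):
            frags += 1
            if (attempt, i) in lost_frags:
                continue                   # fragment dropped, no ACK generated
            acks += 1
            if (attempt, i) not in lost_acks:
                unacked.discard(i)
        if not unacked:
            return frags, acks
    raise TimeoutError("exchange never completed")

if __name__ == "__main__":
    cases = [("no loss", set()),
             ("fragment 3 lost once", {(1, 3)}),
             ("fragment 3 lost twice", {(1, 3), (2, 3)})]
    for label, lost in cases:
        print(f"{label:22} resend-all={resend_all(10, lost)} "
              f"per-fragment-ACK={resend_unacked(10, lost)}")
```

With ten fragments and no loss the ACK variant sends ten feedback datagrams instead of one, while a single lost fragment costs one extra fragment instead of ten.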
