Yaron Sheffer writes: > I'm even more worried that if we use small fragments, reliability will > deteriorate. Because we do not have per-packet acknowledgement, and so > if any fragment is dropped, the whole message must be resent. This is > probably a greater risk in mobile networks.
The fix there is to use IP level fragmentation... And only switch to use small IKEv2 level fragmented packets if that does not work. This whole protocol is only needed on the broken networks, so it does not matter if it is very suboptimal, as we can always say that if you enable fragmentation support on your devices, things will work better. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
