Hi,
after re-reading RFC 8229 several times I cannot find any language about
retransmitting IKE messages in case of TCP. Clearly, the behavior described
in Section 2.1 is wrong in case of TCP, since TCP provides a reliable transport.
Blindly following these recommendations would only make things worse
in case of network congestion, since it increases the amount of data TCP
would try to resend, and thus increases congestion even more.
Ideally, some text should have been added, similar to the text clarifying
the use of IKE fragmentation in case of TCP. Something like this:
TCP provides reliable transport, so there is no need for the application to
deal with retransmissions. Moreover, performing retransmissions by IKE
in case of TCP on congested networks could further increase congestion
and degrade performance. For this reason the IKE initiator SHOULD NOT
retransmit requests if they are sent over TCP. However, the IKE responder MUST
correctly handle retransmitted request messages received over TCP, but
it SHOULD NOT resend response messages in this case.
I think not having such a recommendation in RFC 8229 is an oversight.
I'm not sure though whether it's worth filing an erratum... What does the WG think?
Regards,
Valery.
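As an added illustration of the transport-dependent behaviour proposed in the message above (this is example code, not text from the thread or from any IKE implementation), the following models the two sides: an initiator that only schedules retransmissions over UDP, and a responder that recognises a retransmitted request by Message ID but resends its cached response only over UDP. The timer values, the window size of 1 and the response format are constructed assumptions for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class IkeRequest:
    message_id: int   # IKEv2 Message ID, increments per request on an IKE SA
    payload: bytes


@dataclass
class Initiator:
    """Decides whether, and when, an unanswered request is re-sent."""
    transport: str            # "udp" or "tcp"
    base_timeout: float = 1.0 # seconds; constructed value, not from any RFC
    max_retries: int = 5

    def retransmit_schedule(self) -> list[float]:
        """Offsets at which the request is retransmitted if no response arrives.
        Empty over TCP: the reliable transport already repairs loss, and IKE-level
        resends would only add to the queue TCP must push through a congested path."""
        if self.transport == "tcp":
            return []
        # Over UDP: exponential backoff, as IKEv2 retransmission guidance describes.
        return [self.base_timeout * 2 ** i for i in range(self.max_retries)]


@dataclass
class Responder:
    """Answers requests in order and remembers each response by Message ID."""
    transport: str
    cache: dict[int, bytes] = field(default_factory=dict)   # message_id -> response
    next_expected: int = 0                                   # window size 1 (assumed)
    sent: list[tuple[int, bytes]] = field(default_factory=list)

    def handle(self, req: IkeRequest) -> str:
        if req.message_id in self.cache:
            # Retransmitted request: must be tolerated on both transports,
            # but the cached response is resent only when the transport is unreliable.
            if self.transport == "udp":
                self.sent.append((req.message_id, self.cache[req.message_id]))
                return "resent-response"
            return "ignored-duplicate"
        if req.message_id != self.next_expected:
            return "dropped-out-of-window"
        resp = b"RESP:" + req.payload   # constructed stand-in for a real IKE response
        self.cache[req.message_id] = resp
        self.next_expected += 1
        self.sent.append((req.message_id, resp))
        return "answered"
```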
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec