But there's no reason to believe that the L2 is the same as you enter
the tunnel. You're going through a router, often to a different link
layer. The L2 overhead is stripped off and replaced.
Bert
________________________________
From: Alex Conta [mailto:[EMAIL PROTECTED]
Sent: Friday, February 01, 2008 8:09 AM
To: Manfredi, Albert E
Cc: [email protected]
Subject: RE: Checksum in IPv6 header
I am not seeing the problem.
The "non-secure IPv6 link" you're mentioning is a "virtual
link", over a "real" physical link. The "real" physical link, the "real"
L2, provides the error detection, which uncovers packet errors in the
IPv6 tunnel packets, like on any other IPv6 packet.
-----Original Message-----
From: Manfredi, Albert E
[mailto:[EMAIL PROTECTED]
Sent: Thursday, January 31, 2008 3:09 PM
To: Alex Conta
Cc: [email protected]
Subject: RE: Checksum in IPv6 header
[....]
________________________________
From: Alex Conta [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 31, 2008 12:50 PM
To: 'Rahim Choudhary'; Templin, Fred L; 'Fred
Baker'
Cc: [email protected]
Subject: RE: Checksum in IPv6 header
The reason is IPsec tunnels, where encrypted packets are
tunneled through a non-secure IPv6 link. In such cases, you can't count
on L2 checksums when going across the tunnel boundaries. Or did I miss
part of that recent thread?
Bert
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
