"Panwei (William)" writes:
Hi Daniel,
Thanks for your clarification, I think I may have better
understanding of your problem statement. I try to give an example
below, please correct me if I’m wrong.
First, let’s assume the encryption/decryption capability of ingress
node is 15000 bytes
Hi Daniel,
Thanks for your clarification, I think I may have better understanding of your
problem statement. I try to give an example below, please correct me if I’m
wrong.
First, let’s assume the encryption/decryption capability of ingress node is
15000 bytes and the capability of egress
Hi,
FWIW, Here's what I was saying at the mic during the ipsec meeting @117. It may
have relevance to the discussion about EMTU...
You own the tunnel endpoints since you're configuring security tunnels on them.
Normal PMTU will work fine if, for some reason, you need your ingress to
discover
Paul Wouters wrote:
> On Aug 1, 2023, at 12:56, Daniel Migault wrote:
>>
>> Hi Ben, Just trying to position our understanding of the position
>> between the ICMP PTB and the IKE PTB. If an incoming Encrypted packet
>> is larger than the Link MTU
> How can than be?
Hi Paul,
Please see my response in line.
Yours,
Daniel
On Tue, Aug 1, 2023 at 2:15 PM Paul Wouters wrote:
> On Aug 1, 2023, at 12:56, Daniel Migault wrote:
>
>
>
>
> Hi Ben,
>
> Just trying to position our understanding of the position between the ICMP
> PTB and the IKE PTB.
>
> If an
Michael Richardson writes:
>
> Tero Kivinen wrote:
> > I think we should use normal ESP format i.e. have ESP SPI using
> > following format:
>
> I mostly agree.
> But:
>
> > (0-255 bytes) | +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
>
> It would be nice to be able to
On Aug 1, 2023, at 12:56, Daniel Migault wrote:
>
>
> Hi Ben,
> Just trying to position our understanding of the position between the ICMP
> PTB and the IKE PTB.
> If an incoming Encrypted packet is larger than the Link MTU
How can than be? You mean you received an ESP or ESPinUDP that
Hi Ben,
Just trying to position our understanding of the position between the
ICMP PTB and the IKE PTB.
If an incoming Encrypted packet is larger than the Link MTU, an ICMP
PTB is sent, otherwise the packet is accepted. If fragments are
received, a reassembly operation happens and the packet