On Wed, Aug 2, 2023 at 10:29 PM Christian Hopps wrote:
>
> Daniel Migault writes:
>
> > On Tue, Aug 1, 2023 at 10:18 PM Christian Hopps
> > wrote:
> >
> > Hi,
> >
> > FWIW, Here's what I was saying at the mic during the ipsec
> > meeting @117. It may have relevance to the discussion
Christian Hopps wrote:
> You're confusing inner and outer traffic here. When your egress
> endpoint decaps the tunnel traffic, and then that traffic won't fit on
> it's egress red link on your egress endpoint is going to send an ICMP
> too big message back to the ingress router *i
On Wed, Aug 2, 2023 at 9:17 PM Michael Richardson
wrote:
>
> Paul Wouters wrote:
> >> Christian Hopps wrote: >> The ingress node
> >> encrypts this packet and adds the IPsec >> encapsulation, and this
> >> IPsec-processed packet is also larger than the >> Link MTU. The
> >> ingr
Daniel Migault writes:
On Tue, Aug 1, 2023 at 10:18 PM Christian Hopps
wrote:
Hi,
FWIW, Here's what I was saying at the mic during the ipsec
meeting @117. It may have relevance to the discussion about
EMTU...
You own the tunnel endpoints since you're configuring securit
On Wed, Aug 2, 2023 at 1:02 AM Christian Hopps wrote:
>
> "Panwei (William)" writes:
>
> > Hi Daniel,
> >
> >
> >
> > Thanks for your clarification, I think I may have better
> > understanding of your problem statement. I try to give an example
> > below, please correct me if I’m wrong.
> >
> >
On Wed, Aug 2, 2023 at 9:17 PM Michael Richardson
wrote:
>
> Paul Wouters wrote:
> >> Christian Hopps wrote: >> The ingress node
> >> encrypts this packet and adds the IPsec >> encapsulation, and this
> >> IPsec-processed packet is also larger than the >> Link MTU. The
> >> ingr
On Tue, Aug 1, 2023 at 10:18 PM Christian Hopps wrote:
> Hi,
>
> FWIW, Here's what I was saying at the mic during the ipsec meeting @117.
> It may have relevance to the discussion about EMTU...
>
> You own the tunnel endpoints since you're configuring security tunnels on
> them. Normal PMTU will
Paul Wouters wrote:
>> Christian Hopps wrote: >> The ingress node
>> encrypts this packet and adds the IPsec >> encapsulation, and this
>> IPsec-processed packet is also larger than the >> Link MTU. The
>> ingress node fragments this IPsec-processed packet and >> sends all
>>
On Tue, 1 Aug 2023, Daniel Migault wrote:
[The quoting got mangled in Daniel's message]
If an incoming Encrypted packet is larger than the Link MTU
How can than be? You mean you received an ESP or ESPinUDP that after
decrypting was too large for the
link you need to send the decrypted packe
On Wed, 2 Aug 2023, Michael Richardson wrote:
Christian Hopps wrote:
>> The ingress node encrypts this packet and adds the IPsec
>> encapsulation, and this IPsec-processed packet is also larger than the
>> Link MTU. The ingress node fragments this IPsec-processed packet and
>> sends
Christian Hopps wrote:
>> The ingress node encrypts this packet and adds the IPsec
>> encapsulation, and this IPsec-processed packet is also larger than the
>> Link MTU. The ingress node fragments this IPsec-processed packet and
>> sends all the fragments to the egress node.
Tero Kivinen wrote:
>> Tero Kivinen wrote: > I think we should use normal
>> ESP format i.e. have ESP SPI using > following format:
>>
>> I mostly agree. But:
>>
>> > (0-255 bytes) | +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | |
>>
>> It would be
12 matches
Mail list logo