On 18 May 2009, at 15:33, Magnus Westerlund wrote:
> way. ROHC is a stateful compression technology which can result in that
> the headers being compressed can be both slightly bigger as well as much
> smaller. Thus the effective MTU for a particular packet inside an IPsec
> tunnel with ROHC varies depending on which packet in a sequence it is.
> This will create some issues for any path MTU discovery mechanism, where
> a smaller packet may result in an ICMP TOO BIG while a slightly larger
> packet doesn't.
>
> So I am interested in what issues you see arising with this technology
> and what you think should be done about it.

If the large majority (say, more than 95%) of the packets can be
compressed to some reasonably predictable size, but a few need to be
larger, then it's probably a good idea to report back an MTU that
accommodates the common case efficiently, and handle the packets that
end up larger than that with fragmentation.

Another issue with IPsec encryption is that the encryption algorithms
impose a certain block size. This means that if the packet doesn't fit
in an integer number of blocks, there must be padding. So it's much
better to send packets that are a few bytes shorter but exactly fill
up the compression blocks rather than fill the packet entirely and
carry padding bytes.
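
Added example, not part of the original message: a Python sketch of the cipher-block padding arithmetic described in the last paragraph, applied to ESP tunnel mode. The cipher parameters (AES-CBC with a 16-byte IV, a 12-byte ICV, a 20-byte outer IPv4 header) and all function names are assumptions chosen for illustration.

```python
# Added illustration. Parameter defaults are assumptions, not values from the thread.
from dataclasses import dataclass

ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1), encrypted with the payload


@dataclass(frozen=True)
class EspParams:
    block: int = 16     # cipher block size in bytes (assumed AES-CBC)
    iv: int = 16        # per-packet IV, sent in the clear
    icv: int = 12       # integrity check value (assumed HMAC-SHA1-96)
    outer_ip: int = 20  # outer IPv4 header without options


def _align(p: EspParams) -> int:
    # ESP requires the encrypted part to end on a 4-byte boundary at minimum.
    return max(p.block, 4)


def padding(inner_len: int, p: EspParams) -> int:
    """Minimum pad bytes so that payload + trailer fills whole cipher blocks."""
    return -(inner_len + ESP_TRAILER) % _align(p)


def outer_len(inner_len: int, p: EspParams) -> int:
    """Size on the wire of the tunnelled packet carrying inner_len bytes."""
    return (p.outer_ip + ESP_HDR + p.iv + inner_len
            + padding(inner_len, p) + ESP_TRAILER + p.icv)


def best_inner_len(path_mtu: int, p: EspParams) -> int:
    """Largest inner packet that fits path_mtu; it always needs zero padding."""
    fixed = p.outer_ip + ESP_HDR + p.iv + p.icv
    room = (path_mtu - fixed) // _align(p) * _align(p)
    if room <= 0:
        raise ValueError("path MTU too small for ESP overhead")
    return room - ESP_TRAILER


if __name__ == "__main__":
    p = EspParams()
    best = best_inner_len(1500, p)
    # Every inner size in the same block bucket costs the same on the wire;
    # one byte more than `best` spills into a new block and exceeds the MTU.
    for n in (best - 15, best - 1, best, best + 1):
        print(f"inner={n:5d} pad={padding(n, p):2d} outer={outer_len(n, p):5d}")
```

With these assumed parameters, inner packets of 1423 through 1438 bytes all produce the same 1496-byte outer packet, so the tunnel MTU worth reporting is the top of that bucket rather than the raw path MTU minus overhead.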