netdev.vger.kernel.org archive mirror
From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@redhat.com, jmorris@redhat.com, netdev@oss.sgi.com
Subject: Re: IPsec and Path MTU
Date: Thu, 17 Jun 2004 23:01:58 +0400
Message-ID: <20040617190158.GA10925@ms2.inr.ac.ru>
In-Reply-To: <20040616231317.GA5742@gondor.apana.org.au>

Hello!

> The problem is that each bundle can have only one PMTU.  But
> there can be an arbitrary number of paths over each bundle.

It seems I still do not understand what you mean.

Returning to the beginning:

> 			But this is wrong because it assigns
> a single MTU to all hosts behind an IPsec gateway, even though their
> paths may well diverge beyond the gateway.

Diverge where exactly? On the path where packets are transformed? PMTU discovery
cannot do anything clever in this case: we receive only a small piece
of the transformed datagram, in the best case with the SPI in it, so we
can only update the pmtu not even on the bundle, but on an even wider aggregate,
on the SA itself. This part is missing now, by the way; it is to be done
inside the error handlers in the transformations.

On the other hand, if it is an ICMP from beyond the other end of the tunnel,
it is the problem of the original senders to handle them. Gateways do not even
see such ICMPs, which are not destined for them.

Alexey
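
Added example, not part of the original message and not kernel code: a parser for an ICMPv4 "fragmentation needed" error showing that the quoted fragment of an ESP or AH packet identifies only the outer destination, protocol and SPI, so the reported MTU can be attached to nothing narrower than the SA. It assumes the RFC 792 minimum quote (IP header plus 8 bytes); struct sa_key, the function name and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical per-SA PMTU key: everything the ICMP error lets us recover. */
struct sa_key { uint32_t daddr; uint32_t spi; uint8_t proto; };

/* Constructed sample (checksums left zero): ICMP 3/4, next-hop MTU 1400,
 * quoting an ESP packet to 192.0.2.1, SPI 0x12345678, sequence number 7. */
static const uint8_t sample_icmp[] = {
    3, 4, 0, 0,  0, 0, 0x05, 0x78,                     /* ICMP hdr, MTU */
    0x45, 0, 0x05, 0xdc, 0, 0, 0x40, 0, 64, 50, 0, 0,  /* IPv4, DF, ESP */
    10, 0, 0, 1,  192, 0, 2, 1,                        /* outer src, dst */
    0x12, 0x34, 0x56, 0x78,  0, 0, 0, 7                /* SPI, seq number */
};

/*
 * icmp points at the ICMP header, len is the number of bytes available.
 * Returns 0 and fills *key and *mtu for a type 3 / code 4 error that
 * quotes an ESP or AH packet; returns -1 for anything else or if truncated.
 */
int icmp_fragneeded_to_sa(const uint8_t *icmp, size_t len,
                          struct sa_key *key, uint16_t *mtu)
{
    if (len < 8 + 20 + 8 || icmp[0] != 3 || icmp[1] != 4)
        return -1;
    const uint8_t *ip = icmp + 8;             /* quoted outer IP header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 8 + ihl + 8)
        return -1;
    const uint8_t *l4 = ip + ihl;             /* the 8 quoted payload bytes */
    uint32_t spi;
    if (ip[9] == 50)                          /* ESP: SPI is the first word */
        memcpy(&spi, l4, 4);
    else if (ip[9] == 51)                     /* AH: SPI follows 4 hdr bytes */
        memcpy(&spi, l4 + 4, 4);
    else
        return -1;                            /* not an IPsec transform */
    key->proto = ip[9];
    key->spi = ntohl(spi);                    /* host byte order */
    memcpy(&key->daddr, ip + 16, 4);          /* outer dst, network order */
    *mtu = (uint16_t)((icmp[6] << 8) | icmp[7]);  /* next-hop MTU, RFC 1191 */
    return 0;                 /* inner addresses are not in the quote at all */
}
```

The inner source and destination never appear in the quoted bytes, so the hosts behind the gateway cannot be told apart from this error alone.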
