RE: Placement of IPCOMP header in IPSEC Tunnel mode

rmonsour@hifn.com Thu, 18 November 1999 01:10 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA20047; Wed, 17 Nov 1999 17:10:13 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id SAA01142 Wed, 17 Nov 1999 18:41:53 -0500 (EST)
From: rmonsour@hifn.com
Message-ID: <D7D145EB4903D311985E00A0C9FC76FE31D611@sjcxch01.hifn.com>
To: bill.strahm@intel.com
Cc: ipsec@lists.tislabs.com
Subject: RE: Placement of IPCOMP header in IPSEC Tunnel mode
Date: Wed, 17 Nov 1999 15:44:09 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

I believe the new draft removes this confusion. See section 2.1.

	
http://search.ietf.org/internet-drafts/draft-shacham-ippcp-rfc2393bis-01.txt

Regards,
-Bob

----------------------------------
Bob Monsour
Hi/fn, Inc.
750 University Avenue
Los Gatos, CA  95032
bmonsour@hifn.com
408-399-3539 tel
408-399-3501 fax


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Strahm, Bill
> Sent: Wednesday, November 17, 1999 1:32 PM
> To: ipsec@lists.tislabs.com
> Subject: Placement of IPCOMP header in IPSEC Tunnel mode
> 
> 
> I am confused about the placement of the IPComp header when 
> used in Tunnel
> mode.
> 
> >From RFC 2393 Section 2.1
>    In IP version 4 [RFC-0791], the compression is applied to the upper
>    layer protocol (ULP) payload of the IP datagram.  No portion of the
>    IP header or the IP header options is compressed.
> 
> Now in Tunnel mode I am building an IP packet that looks like this
> 
> IP(outer)- IPSEC transform - IP(inner) - data
> 
> I am convinced that the correct placement of a tunnel mode compression
> header is
> 
> IP(outer) - IPSEC transform - IPCOMP - IP(inner) - data
> 
> However from section 2.1 I can see a reading that says I am 
> not to compress
> the IP header or options, so a packet would be built like this
> 
> IP(outer) - IPSEC transform - IP(inner) - IPCOMP - data
> 
> If this later packet is correct I would have a hard time 
> determining if I
> should unapply compression at the gateway or the end host.
> 
> Can I get some clarification on this point please ?
> 
> Bill
> 
> ______________________________________________
> Bill Strahm        Programming today is a race between
> bill.strahm@      software engineers striving to build
> intel.com           bigger and better idiot-proof programs,
> (503) 264-4632   and the Universe trying to produce
>             bigger and better idiots.  So far, the
>                         Universe is winning.--Rich Cook
> I am not speaking for Intel.  And Intel rarely speaks for me
> 
>