Re[4]: PPP over IPSec (without L2TP)?
Jim Tiller <tiller_j@ins.com> Thu, 14 October 1999 21:20 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id OAA28147; Thu, 14 Oct 1999 14:20:36 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id PAA00576 Thu, 14 Oct 1999 15:11:34 -0400 (EDT)
Date: Thu, 14 Oct 1999 15:09:15 -0400
From: Jim Tiller <tiller_j@ins.com>
X-Mailer: The Bat! (v1.34a) S/N 569FD297
Reply-To: Jim Tiller <tiller_j@ins.com>
Organization: INS
X-Priority: 3 (Normal)
Message-ID: <3631.991014@ins.com>
To: "Shriver, John" <john.shriver@intel.com>
CC: 'Ari Huttunen' <Ari.Huttunen@datafellows.com>, ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Subject: Re[4]: PPP over IPSec (without L2TP)?
In-reply-To: <392A357CE6FFD111AC3E00A0C99848B001D6A3D4@hdsmsx31.hd.intel.com>
References: <392A357CE6FFD111AC3E00A0C99848B001D6A3D4@hdsmsx31.hd.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
OK, but I keep choking on one aspect. If PPP is encapsulated into L2TP, which basically assumes the form of an IP packet (right?) Doesn't the same issues of reordering exist? Eliminate IPSec for a second. I'm obviously not an L2TP dude, but I'm aware of in-band controls within L2TP that provide the options to the passenger protocol(s). I guess my misunderstanding revolves around that if a packet is ultimately forwarded through an IP network, the odds of packets arriving at the destination in the wrong order are high. At that point don't the packets get reordered by the IP stack of the receiving system and then passed up the stack? At that point aren't the PPP LCPs and NCPs reordered inherently prior to de-encapsulation? Please be patient with me, I know I'm missing a critical step and completely over simplifying the process. I just don't see the need for L2TP over IPSec, it's not sticking. Thankx for your time! -jim Thursday, October 14, 1999, 1:19:37 PM, you wrote: >> From: Jim Tiller [mailto:tiller_j@ins.com] >> Sent: Thursday, October 14, 1999 12:54 PM >> To: Shriver, John >> Cc: 'Ari Huttunen'; ietf-ipsra@vpnc.org; ipsec@lists.tislabs.com >> Subject: Re[2]: PPP over IPSec (without L2TP)? >> >> Excuse my ignorance, but doesn't IPSec and IP handle this in >> layer three and four? I'm personally torn on the use of L2TP >> over IPSec, I see certain implementations that can benefit, >> but the reasons MS gives do not impress me. >> Any comments are welcome. >> Shriver> Well, for the DATA path, PPP itself has no concerns about packet reordering. Shriver> IP over PPP could care less. Shriver> But, some of the protocols over PPP care very much about reordering. IEEE Shriver> 802.1D bridging assumes essentially no possibility of reordering, so BCP Shriver> over PPP has to assume that what is under PPP will not reorder. Shriver> But, the big problem is the entire PPP negotiation state machine. (The Shriver> CONTROL path.) It is absolutely designed on the assumption that the data Shriver> link underneath will never reorder packets. Suppose a NCP Config-Ack was Shriver> sent by an IPCP Config-Request. If they were swapped in transit, the IPCP Shriver> packet would be received before NCP was up. Shriver> Also, the Van Jacobsen TCP header compression really benefits greatly from Shriver> being informed of packet loss at the receiver. L2TP can provide some hint Shriver> of that.
- PPP over IPSec (without L2TP)? Ari Huttunen
- RE: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Shriver, John
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re[2]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[6]: PPP over IPSec (without L2TP)? Jim Tiller
- Re[4]: PPP over IPSec (without L2TP)? Jim Tiller
- RE: Re[4]: PPP over IPSec (without L2TP)? Shriver, John
- Re: PPP over IPSec (without L2TP)? Scott G. Kelly
- Re: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Bernard Aboba
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- RE: Re[2]: PPP over IPSec (without L2TP)? Pyda Srisuresh
- RE: Re[2]: PPP over IPSec (without L2TP)? Stephen Kent
- Re: PPP over IPSec (without L2TP)? Paul Koning
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen
- Re: PPP over IPSec (without L2TP)? Ari Huttunen
- Re: PPP over IPSec (without L2TP)? David Chen