[IPsec] IPsec SGW PMTU

Timothy Carlin <tjcarlin@iol.unh.edu> Mon, 17 May 2010 15:10 UTC

From: Timothy Carlin <tjcarlin@iol.unh.edu>
Date: Mon, 17 May 2010 11:10:41 -0400
To: IPsecme WG <ipsec@ietf.org>
Message-Id: <E03F7CDB-EA79-43B9-BCBD-94EAC8438A5B@iol.unh.edu>
Subject: [IPsec] IPsec SGW PMTU

Hello,

A question has come up regarding the interpretation of RFC 4301 and IPv6 Path MTU Discovery for Security Gateway Devices.  We would appreciate any insight anyone can offer.

Section 8.2.1 indicates that the SG should map the header information from the payload in a received (inbound) ICMPv6 Packet Too Big message to an SA.  Then, when another outbound packet is received that should be tunneled through that SA, it should drop the packet, and propagate the PMTU information through a synthesized PTB message.  This seems to be the only option for IPv6.

Section 6 states: "The discussion in this section applies to ICMPv6 as well as to ICMPv4."

Section 6.1.1 gives two possibilities for processing, the second case refers to Section 8.2.1, while the first case states:  "If the implementation applies fragmentation on the ciphertext side of the boundary, then the accepted PMTU information is passed to the forwarding module (outside of the IPsec implementation), which uses it to manage outbound packet fragmentation"

The question is: Does this statement apply to both IPv4 and IPv6, or does it only apply to IPv4/ICMPv4?  Section 8.2.1 seems to imply that it would not apply to IPv6, meaning PMTU information should always be propagated in IPv6; however, Section 6 seems to state that it applies to both, and the implementation may choose to fragment.

Thanks for your time,

Tim Carlin

----
Timothy Carlin
InterOperability Laboratory
University of New Hampshire
+1-603-862-1224
tjcarlin@iol.unh.edu
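As an added example (not part of Tim's message or of RFC 4301's text), the Section 8.2.1 behaviour he describes modelled in Python: the gateway learns a PMTU per SA from a ciphertext-side ICMPv6 Packet Too Big, then drops an oversized plaintext-side packet and reports the largest inner packet that still fits, the value a synthesized PTB would carry back, instead of fragmenting. The ESP overhead figures, the SPI-only SA lookup and the sample sizes are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

IPV6_MIN_MTU = 1280   # RFC 8200 minimum link MTU; never estimate PMTU below it
OUTER_IPV6_HDR, ESP_HDR, ESP_TRAILER = 40, 8, 2   # outer IPv6; SPI+seq; padlen+next hdr

@dataclass
class TunnelSA:
    """A tunnel-mode ESP SA; the overhead figures are constructed assumptions."""
    spi: int
    iv_len: int = 8             # 8-byte IV (AES-GCM style)
    icv_len: int = 16           # 16-byte ICV
    align: int = 4              # ESP payload alignment
    pmtu: Optional[int] = None  # path MTU learned on the ciphertext side

    def encapsulated_len(self, inner_len: int) -> int:
        pad = (-(inner_len + ESP_TRAILER)) % self.align
        return (OUTER_IPV6_HDR + ESP_HDR + self.iv_len + inner_len
                + pad + ESP_TRAILER + self.icv_len)

    def max_inner_len(self) -> Optional[int]:
        """Largest inner packet whose encapsulation still fits the learned PMTU."""
        if self.pmtu is None:
            return None
        # upper bound assumes zero padding, then shrink until it really fits
        inner = self.pmtu - (OUTER_IPV6_HDR + ESP_HDR + self.iv_len + ESP_TRAILER + self.icv_len)
        while self.encapsulated_len(inner) > self.pmtu:
            inner -= 1
        return inner

class SecurityGateway:
    """RFC 4301 8.2.1 style handling: learn PMTU per SA on the ciphertext side, then
    drop oversized plaintext-side packets and signal the sender rather than fragment."""
    def __init__(self, sas):
        self.sa_by_spi = {sa.spi: sa for sa in sas}

    def inbound_ptb(self, spi: int, reported_mtu: int) -> bool:
        """PTB received on the ciphertext side; assumption: the quoted SPI selects the SA."""
        sa = self.sa_by_spi.get(spi)
        if sa is None:
            return False   # not mappable to an SA: discard, no state change
        mtu = max(reported_mtu, IPV6_MIN_MTU)
        if sa.pmtu is None or mtu < sa.pmtu:
            sa.pmtu = mtu  # a PTB only ever shrinks the estimate
        return True

    def outbound(self, spi: int, inner_len: int):
        """('forward', None), or ('drop', mtu) with the MTU to quote in a synthesized PTB."""
        limit = self.sa_by_spi[spi].max_inner_len()
        if limit is not None and inner_len > limit:
            return ("drop", limit)
        return ("forward", None)
```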