Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Derrell Piper <piper@tgv.com> Wed, 19 February 1997 20:09 UTC
Received: from cnri by ietf.org id aa02568; 19 Feb 97 15:09 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa26075; 19 Feb 97 15:09 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id OAA26312 for ipsec-outgoing; Wed, 19 Feb 1997 14:55:27 -0500 (EST)
Message-Id: <199702191959.LAA10030@fluffy.cisco.com>
To: ipsec@tis.com
Subject: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Date: Wed, 19 Feb 1997 11:59:42 -0800
From: Derrell Piper <piper@tgv.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
I'm against coupling compression with IPSEC. I don't believe that this is the correct place to put it and I am not convinced that putting it there will actually improve overall performance. The burden of proof should be on those proposing this to show that there is a reasonable degree of certainty that this makes good engineering sense. I am not yet convinced. A few thoughts on the issues... Compression must be negotiated or else it cannot be deployed. This leads to want to do it as a TCP option or as an ISAKMP attribute. Doing it in IPSEC before ESP does not help with the fragmentation issue. The fragmentation issue is solved by having IPSEC manage the routing layer when it creates an association. We have implemented this in our Windows 95 IPSEC stack for both Tunnel and Transport modes of AH and ESP and it seems to work. You want to compress before TCP has fragmented the packet, not after it. From a performance perspective, you'd much rather deal with less packets than with smaller ones. That's true both for encryption (as Dan Harkins pointed out) and TCP in general (as Bill Sommerfield observed). This is very important and implies pushing compression up into TCP. It is not clear that compressing protocols other than TCP will be a win. And with TCP, it is certain that there is a fair amount of traffic that will not benefit from compression either because it's relatively small (single-character TELNET) or because it has already been compressed at the application (graphics/video/audio). Doing compression on these packets is a waste of time. A compression algorithm might be able to tell that it's losing, but it's already wasted the cycles at that point. Whether or not compression will help is an attribute of the data that only the sending application really has a chance to assert a priori. Compression is useful indepedent of IPSEC, though in the absense of IPSEC, it's probably better handled by underlying hardware. This is leading me to believe that if we are to add this, this should be added as a negotiated TCP option along with a strong suggestion to stack vendors to implement a per-socket option to allow applications to enable or disable compression on the fly. However, I remain unconvinced that simply adding compression will be the big win some folks seem to think it will be. Just because encryption makes in infeasible to do compression afterward doesn't necessarily mean that you want to do compression beforhand. Derrell
- TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Matt Thomas
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Derek Palma
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Roy Pereira
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Rob Adams
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Derrell Piper
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Terry L. Davis, Boeing Information & Support Services, Bellevue, WA
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Dennis Glatting
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Rob Adams
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Michael Richardson
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Kent Fitch
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Daniel Harkins
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Germano Caronni
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Marcel Waldvogel
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Rodney Thayer
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Derek Palma
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) carrel
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Matt Thomas
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Daniel Harkins
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Karl Fox
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Naganand Doraswamy
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) C. Harald Koch
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) C. Harald Koch
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Steven Bellovin
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Karl Fox
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Karl Fox
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Angelos D. Keromytis
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Scott Marcus
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Matt Thomas
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Angelos D. Keromytis
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Dennis Glatting
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Stephen Kent
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Jim Thompson
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Perry E. Metzger
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) C. Harald Koch
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Roy Pereira
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Perry E. Metzger
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) EKR
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) John W. Richardson
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bill Sommerfeld
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bill Sommerfeld
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) C. Harald Koch
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bill Sommerfeld
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Rob Adams
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Angelos D. Keromytis
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Dennis Glatting
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) EKR
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Rodney Thayer
- RE: TO COMPRESS OR NOT TO CMPRS (please reply) Stephen Kent
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Stephen Kent
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Stephen Kent
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Dennis Glatting
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Phil Karn
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Phil Karn
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Phil Karn
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Phil Karn
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Bob Monsour
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Marcel Waldvogel
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Stephen Kent
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Perry E. Metzger
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Perry E. Metzger
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) Phil Karn
- Re: TO COMPRESS OR NOT TO CMPRS (please reply) James Hughes