IETF Logo Mail Archive

[IPsec] Re: IPSEC and packet reordering

"Koning, Paul" <Paul.Koning@dell.com> Tue, 24 March 2026 16:52 UTC

Return-Path: <prvs=15438d63c8=paul.koning@dell.com>
X-Original-To: ipsec@mail2.ietf.org
Delivered-To: ipsec@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id EC435D0C5422 for <ipsec@mail2.ietf.org>; Tue, 24 Mar 2026 09:52:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJnEXGIXCyxI for <ipsec@mail2.ietf.org>; Tue, 24 Mar 2026 09:52:55 -0700 (PDT)
Received: from mx0a-00154904.pphosted.com (mx0a-00154904.pphosted.com [148.163.133.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 47C54D0C541B for <ipsec@ietf.org>; Tue, 24 Mar 2026 09:52:55 -0700 (PDT)
Received: from pps.filterd (m0170389.ppops.net [127.0.0.1]) by mx0a-00154904.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62ODXpQw671016; Tue, 24 Mar 2026 12:52:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=smtpout1; bh=mm/kGpk/8a09vDzD7aTmmLnCD 77+X6j90mOCN8Bp2Z0=; b=ysLd6jxxC+HiDotizBZJwJWzRYsK53xkdcFWO7CVW DNeDP6ZoIgA4R1ANjfVocLisg5mfF7YXiI0kmCB35RCayo982usSSEA/X2AxOGCK 2O+xjEqPdat658p2kxNqbaudEJvq6oNWyeAORAi9sQXY/r+t7bDeXXw2bCMtbTcN Y6cSBDdHs3cpaYGnVlULTIC6/l9X/UjhYaJPfTs5ej3pGAx5lABhc55869ZJQl3S LGMaRk2EYcBoeMT004EaZaX7IivxDQFPw6sOgIObLucAIfo4vbVDb+5ngdkZ8MSa xolfINOWYMbByxjZ8HocnKoNlJc4LdzgViFTbn7N1RGdg==
Received: from mx0a-00154901.pphosted.com (mx0a-00154901.pphosted.com [67.231.149.39]) by mx0a-00154904.pphosted.com (PPS) with ESMTPS id 4d1qbcdt6x-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 24 Mar 2026 12:52:41 -0400 (EDT)
Received: from pps.filterd (m0371675.ppops.net [127.0.0.1]) by mx0a-00154901.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62OGgK342854464; Tue, 24 Mar 2026 12:52:41 -0400
Received: from dm1pr04cu001.outbound.protection.outlook.com (mail-centralusazon11010023.outbound.protection.outlook.com [52.101.61.23]) by mx0a-00154901.pphosted.com (PPS) with ESMTPS id 4d3wn80wt1-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Tue, 24 Mar 2026 12:52:40 -0400 (EDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=m62Ct/MOlZroMZtGVAVHEup/rsbL2G9V8M/R6ck/j0H2ABtrCDBsIe2tII+0ktmiojNkcVfaIP8SwR/s8pTSA+Prq4uM0HGhyjKBSp5zAg1FmXCx3yHr7mpV/KB90nHhf7hJy501LU8OHOQAW4iWldRamDhkErnVoauL9tiPgP09kzcI3/JU3Pl/BPecU/aFRTXwlA6H7ZfxDdwUJKslXkobXhzbZZRiNL0H+GiR1F0ZbpUHFkUrKBkwkRi2kjpulY7bAm08MPZHtuJHJ1TTbDTmwv6kKsTFHO8ujG8U7ch6buPtSv/HLPN77HTsMID/xZCOBlzUshx+6z0sFEx7kg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mm/kGpk/8a09vDzD7aTmmLnCD77+X6j90mOCN8Bp2Z0=; b=lmasbXwoBPiDQ9UVFZqVVcB2SYbd1VBgoL/0t8CyKz4L6GbqDw2BufhlGqHgqnmLEUdquAiTmfOOI5cbbdgLy/nPwmgar9YETn1z0deppx1q006TRN3rlI85fn08o07FNsPxxc9PMGC4MSN6UDMcBWwtKb8Go3JXMFcmr2uJCjGu/WaVA4mpbc8FL8DsxdHrmvWxahDp3HynEcloD8hUx0vhI5gaj2XcZGeOVABKzUHy+pWXCiJ+vvRfEWLigQG0Y4+rNl3myNKTR109MVig1/m/VhaWIOTg7e0XPY/cqRAuZzvbARU4NOa8tDrGVtquOzsK7Yrm66RxU4iwHsTH3Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dell.com; dmarc=pass action=none header.from=dell.com; dkim=pass header.d=dell.com; arc=none
Received: from SA0PR19MB4508.namprd19.prod.outlook.com (2603:10b6:806:b8::7) by BN5PR19MB8840.namprd19.prod.outlook.com (2603:10b6:408:2ab::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.19; Tue, 24 Mar 2026 16:52:37 +0000
Received: from SA0PR19MB4508.namprd19.prod.outlook.com ([fe80::ff4d:f5b2:ee80:a4c7]) by SA0PR19MB4508.namprd19.prod.outlook.com ([fe80::ff4d:f5b2:ee80:a4c7%6]) with mapi id 15.20.9723.030; Tue, 24 Mar 2026 16:52:37 +0000
From: "Koning, Paul" <Paul.Koning@dell.com>
To: Ingemar Johansson S <ingemar.s.johansson=40ericsson.com@dmarc.ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: [IPsec] Re: IPSEC and packet reordering
Thread-Index: Adysei8iPlRntzc5TiKy/0KVkBEdZAO823UwABAeZ4A=
Date: Tue, 24 Mar 2026 16:52:37 +0000
Message-ID: <SA0PR19MB4508FBD7FD27AFE0A36A31539848A@SA0PR19MB4508.namprd19.prod.outlook.com>
References: <AM8PR07MB81378DB1A249E713C72BB4A3C27DA@AM8PR07MB8137.eurprd07.prod.outlook.com> <AM8PR07MB81377B41AF7773E143C50CC7C248A@AM8PR07MB8137.eurprd07.prod.outlook.com>
In-Reply-To: <AM8PR07MB81377B41AF7773E143C50CC7C248A@AM8PR07MB8137.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_73dd1fcc-24d7-4f55-9dc2-c1518f171327_Enabled=True;MSIP_Label_73dd1fcc-24d7-4f55-9dc2-c1518f171327_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd;MSIP_Label_73dd1fcc-24d7-4f55-9dc2-c1518f171327_SetDate=2026-03-24T16:48:49.0000000Z;MSIP_Label_73dd1fcc-24d7-4f55-9dc2-c1518f171327_Name=No Protection (Label Only) - Internal Use;MSIP_Label_73dd1fcc-24d7-4f55-9dc2-c1518f171327_ContentBits=3;MSIP_Label_73dd1fcc-24d7-4f55-9dc2-c1518f171327_Method=Standard
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA0PR19MB4508:EE_|BN5PR19MB8840:EE_
x-ms-office365-filtering-correlation-id: ef696bce-ce0f-4eee-586e-08de89c5c11f
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|786006|18002099003|56012099003|22082099003|38070700021|7053199007|13003099007|8096899003;
x-microsoft-antispam-message-info: aAiJfWkomvT6hS4miTAZlrwEcxQL9cdVzBVWYDiMsRtNeoXuAFek+SyylJTvnZhxiZfTxSK/rMoqah6HGOGIfBuGE4RENvCLHU+ZWUV24ojxXVSijcuWWItLVbNa/mVG/CzBiQwlZlCNm/MhybhC/al3vlZ7t0UCHP5z/yx2Cwe6qhlZ8kWmh0pzBoHIUzPRrDz7TNZPuWkj4OGojYW7aWCIhJF+IOTCicyKFIg17b1/f4Nk6LfURJqbT/0YL5eTsG8M4ZDbmkiXUZcgT5Q5+7b/A2ABiZjdDdbXr2SGXacfQ7gOOHOYta1KynyYBvJRI4uP4G7DOPdGbJtcgoULK7/JYD2ENJDiiLm0jqYJuUUzKRNVYTsFXMIQAbRDifxZuiQf7wjZcFzY8JsJjqPMUu9hzW5Vpfy3WnDwcQcIQs7ZV0gFJFxv2qa/Zw4aUS/jpBTrKpIa6iJESuIEMBj6f8kahF9VVR1TqU2vaHGIRH64rHk1KsGmIDzVDnSEdXwn7G9y3jSSjIwSi4nEzfKtMp/f17THcF807zJIcGVb7RRBd98iFB6XPTGN4oGDlps86xcyySJ3L8wLe9YBCkCtaLMqniKoY4BgGoyC4UqW5xi7L+OM2lcIpQa5oRwvgRQHkOkMQond0lK5ydEZb4OHq+E0s/kgVQgNHUhdUSJZHEc9S5uo1t+OD1cYvTuJfkP8yLtmVSIeig01WzIOYAuR5melPCs1UdJX835RMHNpeVlaLdBQNbHvLq5Dm3AfOCFO
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA0PR19MB4508.namprd19.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(786006)(18002099003)(56012099003)(22082099003)(38070700021)(7053199007)(13003099007)(8096899003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: KKO/EG66P2K+DnWo60Hq0rs8FVvTiuD65+3WDb7043uOgq9JnXxWbYUafUshPedXn807GDHn2soqVcD0dH090e/OUMXK7kqWV4/AA8nbgDJNjLe2A2MS/xCt3BIIAAsPVbPv+iNoHHB014YAwnjUtPpwmzVhD71B/d9IvvD/AbWPu2SwagWX2MGlvFTrmAru0v/32CCesYAp8DjtfpN1IjSTzd+8VkwKzP+PHclFxcE6k8nA6fIdl8u5DKWgeDAN5I2mvlnxhZ4rLlewBXcumYvkDnEJC2sI8mIUJaeCbTsPDjkSkHS1a5NJlOzHVhRiEiaDfF9iAP0LJtxtsIVtiP4cmmyuJn5lH/Tdxw44mZuR3+RjGz9aRSzbT8bEHCwOP8qImfwjZBiTMJDDqONoPdKh7t4QH9Bq5pi7zLsvbyDFDJ0UjOJHkskP1hC96akVGGHOLFzhV3wBUiT65xfJSmvm43xMsJvE3VnilQp6bY5iT5o7sMO7odxCd29CQpFl0MC7S0GA1nMM7crxk7AO4CxiHoqPFgNcuMqtyU20wbfDBpreFQVrv3ZBQiIunxQGn8aqxUc9jMIZBg2cAHQvJQPHqJtNXhZO720mPf+s/zPjVmRvwILu1ZYEMZCnt8Tcd/ovAV0voYbKnykLslBJlUqVUPcVpP9i3yHpUDY1boO1/r5Y9httVLpgEJq+5zCArAgUbB8y1tTdKlEtbCwHxidzQLvOrdARX9T3maKsrpB/0qdTVUrfwf/uZySRmw4yFXxxr6eb7Pa5llxdtGqswS2gLx/dPRgSYzaXPHrztBRALnXHw3uQ8dRg0Y7gGGGpLEJ33RDATLe/TYqbqCkcqSou1+6UzpLN3Cv0vHRaE9g2gTvqnYvwAYm3CFVvo0nhy3ogjLTBYzcpGYWLD6InZ/H6G5hxJzLwduZ8PuujS9Zvn+7DnEpA/0NpZp0eOrgCB0SD05TSUx6q7N1gkvvnU/X2jBB1N2y2gdjKxE+RJhj+NgydQdbmjQhUxN8vstJEE29X6myZuOFoBaaO0+fylhq095KCFbccTsHcjuZdZU5oigBhXbaHLNoc2lm3FIdThnCd2Rqj3JRysHtbGcf+472lPCCHE01+bmBFqJgewZvNp2KlAUJYtTRtt/o3BPOXdNAnWqw/l01ayvxDHWzO7kIHYoqmWmOq1fr6Rh/XGHuj+yUuRNlnHF//OALHewlUwoXHz7cBbcxsNSnneXjBJfT9k9RhzJW8uwKkULvfvDkWPzWFqvLEKxPbs4z2PRk4ydIAGJa32dgw3j4vKe5dClWRXHArFxap4ik+fvMmgzBCiMofSsj1WLZBH0k8q4Zj9Qlt2ELRG+iNbUGh93FvBkfoW38kvw9alOmobG0Iw7YBO471ISx236rpfLycQqY3KyprAa+sVCP3C3Whohqac1dVVcfQF8nzRj14Cde9Kq29OnkHJ6qCyxuxaETm8QAnXk89h1ky9itVpakBSTv8wKJOxttAUXddzXeHXfXXKGr8ed83T2NoW4/feRfv6F7E60x79hrEIHhX8rFVLh8NJVOT+mcD//Tjgxh2CxSSN/UNxm8UglILzo5nlCfL94/yECkulRKgsAC2ZgzwwXfEwtmyPy32ppVMLFisAZulqaZKjRw1LDc7hldTBqpLwwQhX5FM46rZGJkwyq0fp7lwpjrAM4yqoBkK0dTA3hScq31+Ir/ap/4B1i+prgG9nStm
Content-Type: multipart/alternative; boundary="_000_SA0PR19MB4508FBD7FD27AFE0A36A31539848ASA0PR19MB4508namp_"
MIME-Version: 1.0
X-Exchange-RoutingPolicyChecked: XxSD2A0t36jBeYIW9S5HzN3LlUQ2+oz0RH6ewyWBfkzvp4fxeqdCljIRvRv44n4YQdEqID30X3dErLLal+Iwle45cf/cCJX7CntsAspa2QFwDvGqvWGT1z4BeSV96wEduTXO06WxcGGbHulTRgJiPmv7iFxXJW9Nw9Wd8q0b7bXprD6ebGdORg4PN1r5R0Y9rXjovVzQccDY2FUk8ZXQGe4i37/71Xd8NgKBP9Z0GuahIjez1sn8MeMa75XgwxzQHPlbPtZEXff+RGFroP38PXMWs4yW/Cb0N6ZsZ6nIldO6Le2SlD2KmvFapkqHWcDXcsRddE3dZjqVr8E18sgzOg==
X-OriginatorOrg: Dell.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA0PR19MB4508.namprd19.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ef696bce-ce0f-4eee-586e-08de89c5c11f
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Mar 2026 16:52:37.4207 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 945c199a-83a2-4e80-9f8c-5a91be5752dd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5fU2HGUOeI6o2eOAwu3Q5WMf45RRe5BKeMs0Qrpi2ZDrR5FAi68oYZLOhko1Bp9F81uV6LHdpC+W8HygM43L7A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN5PR19MB8840
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-24_03,2026-03-24_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 phishscore=0 bulkscore=0 clxscore=1011 malwarescore=0 adultscore=0 priorityscore=1501 spamscore=0 suspectscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240131
X-Authority-Analysis: v=2.4 cv=QoBTHFyd c=1 sm=1 tr=0 ts=69c2c159 cx=c_pps a=j0++y401J6f/BxNAf5EDow==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=Yq5XynenixoA:10 a=VkNPw1HP01LnGYTKEx00:22 a=6gNNCFAoQcIphELLPWWu:22 a=PpEg0BoV_A2aca28hXd0:22 a=48vgC7mUAAAA:8 a=0FD05c-RAAAA:8 a=jU2thFBwAAAA:8 a=e9qsufxtAAAA:8 a=pGLkceISAAAA:8 a=QyXUC8HyAAAA:8 a=vnREMb7VAAAA:8 a=ajNGGDAxAAAA:8 a=XZo0mj0wNZeyf2-KjlYA:9 a=lqcHg5cX4UMA:10 a=QEXdDO2ut3YA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=tfnLaP80J0sU7c0UIm0A:9 a=EMmgtr93hrwdXuba:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=6UIaq3Bcl8oA:10 a=frz4AuCg-hUA:10 a=gbU3OgOOxF9bX48Letew:22 a=l1rpMCqCXRGZwUSuRcM3:22 a=fgvmDdrtego4Zrz-ANXk:22 a=yV_1l4Hi_z83VQGKXjVt:22
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI0MDEzMSBTYWx0ZWRfXysu7I6L5+rtK uV2x3+luIp7WhSnMYb96yq6zLJ81lMY0WvPrGy31mrPl+be5bzfvtnHGqGbQ+R3ZGcOGDmZqYGT IymuUrbVftMU/fjbUBcuNM3uhKeDHZNL7CL9rcntdNjs5LxqeqqcSUzXa2GE3RTLCKTIz4B85vo LFCPhPXn8FrtfjHmRJhtzYREUMxW02H+KcN/qcleaUd651sIeFNNA2NVmLC9xnMJnoQdcS2Fafv ox3GXjJi/mdwlllWzPY2whqZvJqRlLt/TcdhRXsksG+QIkewQkyYldFWTdWqq5uEJDuLknVoaau anND/nljDsoSQgs/DGj/iCZloTPOflnfIii7luDyod9RLH48HeAlHqDNM8pae8VschgZ+UhGQNq QT8+xYvI9Eadk509O9X1EG+yh5HDWYY9/kSVqXF2MPUYcE7S70nfMWnNd3Gzno31lVgv/0TaTlD cjDxLNjcdjkyaaEq1IA==
X-Proofpoint-ORIG-GUID: V1JFN_25qLMK-3yITg-hwbr710P2_sXY
X-Proofpoint-GUID: V1JFN_25qLMK-3yITg-hwbr710P2_sXY
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 adultscore=0 suspectscore=0 spamscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 bulkscore=0 phishscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603240131
Message-ID-Hash: QMW3WM3VMLBC3BMJWDHWT5X5PXNJQYUP
X-Message-ID-Hash: QMW3WM3VMLBC3BMJWDHWT5X5PXNJQYUP
X-MailFrom: prvs=15438d63c8=paul.koning@dell.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipsec.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Greg White <g.white@cablelabs.com>, Chris Box <chris.box@bt.com>, "chris.box.ietf@gmail.com" <chris.box.ietf@gmail.com>, "dibakar.das@intel.com" <dibakar.das@intel.com>, "Dmitry.Akhmetov@intel.com" <dmitry.akhmetov@intel.com>, Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [IPsec] Re: IPSEC and packet reordering
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/nPntT13UfrbEF5Hl36T9xAFoYP4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Owner: <mailto:ipsec-owner@ietf.org>
List-Post: <mailto:ipsec@ietf.org>
List-Subscribe: <mailto:ipsec-join@ietf.org>
List-Unsubscribe: <mailto:ipsec-leave@ietf.org>

RFC 2406 (IPSec ESP) specifies out of order handling.  It describes the use of a sliding window scheme, with a minimum size of 32 and a recommended default size of 64.  So clearly any conforming implementation will handle a fair amount of reordering; how much more than the minimum would be up to implementation choice, or perhaps set by an adjustable parameter.  For this reason I would not describe IPSec as “sensitive to reordering.

               paul



Internal Use - Confidential
From: Ingemar Johansson S <ingemar.s.johansson=40ericsson.com@dmarc.ietf.org>
Sent: Tuesday, March 24, 2026 5:15 AM
To: ipsec@ietf.org
Cc: Greg White <g.white@cablelabs.com>; Chris Box <chris.box@bt.com>; chris.box.ietf@gmail.com; dibakar.das@intel.com; Dmitry.Akhmetov@intel.com; Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
Subject: [IPsec] Re: IPSEC and packet reordering

Hi

I try and post this again. I think that we have a fairly good understanding about the implications of out of sequence delivery on the transport protocol level. What is lacking is an understanding on how IP Sec can handle out of sequence delivery and what the pain limits are. So any kind of input that helps us advance the https://datatracker.ietf.org/doc/draft-white-intarea-reordering/   draft is welcome.

Regards
Ingemar

From: Ingemar Johansson S <ingemar.s.johansson@ericsson.com<mailto:ingemar.s.johansson@ericsson.com>>
Sent: Thursday, 5 March 2026 10:40
To: ipsec@ietf.org<mailto:ipsec@ietf.org>
Cc: Greg White <g.white@cablelabs.com<mailto:g.white@cablelabs.com>>; Chris Box <chris.box@bt.com<mailto:chris.box@bt.com>>; chris.box.ietf@gmail.com<mailto:chris.box.ietf@gmail.com>; dibakar.das@intel.com<mailto:dibakar.das@intel.com>; Dmitry.Akhmetov@intel.com<mailto:Dmitry.Akhmetov@intel.com>; Ingemar Johansson S <ingemar.s.johansson@ericsson.com<mailto:ingemar.s.johansson@ericsson.com>>
Subject: Re : IPSEC and packet reordering

Hi

I re-listened in on the presentation by Chris Box at the IPSECME session at IETF-124
https://www.youtube.com/watch?v=ZwfypFEEcYY&t=6866s
The title was “Proposal for updates to Guidance on Packet Reordering”, with the accompanying IETF draft https://datatracker.ietf.org/doc/draft-white-intarea-reordering/
The topic of packet reordering has recently been brought up in the 3GPP RAN2 working group where HoL blocking due to link layer retransmission and and resequencing in 3GPP is seen as an issue.
https://www.3gpp.org/ftp/tsg_ran/WG2_RL2/TSGR2_133/Docs/R2-2600101.zip
Removing or modifying the resequencing in cellular networks would remedy the issue presented in the document. The question is how IPSEC in particular would manage this ?.

The discussion at the end of the IPSECME session gave some insight but I am not sure that it gave any conclusive message. So please comment on what can be recommended/tolelated in terms of packet reordering from an IP SEC perspective.

Regards
Ingemar + other authors of draft-white-intarea-reordering
=================================
Ingemar Johansson  M.Sc.
Master Researcher

Ericsson Research
GFTL ER NAP NCM Netw Proto & E2E Perf
Laboratoriegränd 11
977 53, Luleå, Sweden
+46-73 078 3289
ingemar.s.johansson@ericsson.com<mailto:ingemar.s.johansson@ericsson.com>
www.ericsson.com<http://www.ericsson.com/>

      Experience is merely the name
          men gave to their mistakes.
                     Oscar Wilde
=================================

v2.43.4 | Report a Bug | By Email | System Status