Placement of IPCOMP header in IPSEC Tunnel mode
"Strahm, Bill" <bill.strahm@intel.com> Thu, 18 November 1999 00:15 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA16807; Wed, 17 Nov 1999 16:15:02 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id QAA00816 Wed, 17 Nov 1999 16:29:19 -0500 (EST)
Message-ID: <7DAA70BEB463D211AC3E00A0C96B7AB20344B38B@orsmsx41.jf.intel.com>
From: "Strahm, Bill" <bill.strahm@intel.com>
To: ipsec@lists.tislabs.com
Subject: Placement of IPCOMP header in IPSEC Tunnel mode
Date: Wed, 17 Nov 1999 13:32:25 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
I am confused about the placement of the IPComp header when used in Tunnel mode. >From RFC 2393 Section 2.1 In IP version 4 [RFC-0791], the compression is applied to the upper layer protocol (ULP) payload of the IP datagram. No portion of the IP header or the IP header options is compressed. Now in Tunnel mode I am building an IP packet that looks like this IP(outer)- IPSEC transform - IP(inner) - data I am convinced that the correct placement of a tunnel mode compression header is IP(outer) - IPSEC transform - IPCOMP - IP(inner) - data However from section 2.1 I can see a reading that says I am not to compress the IP header or options, so a packet would be built like this IP(outer) - IPSEC transform - IP(inner) - IPCOMP - data If this later packet is correct I would have a hard time determining if I should unapply compression at the gateway or the end host. Can I get some clarification on this point please ? Bill ______________________________________________ Bill Strahm Programming today is a race between bill.strahm@ software engineers striving to build intel.com bigger and better idiot-proof programs, (503) 264-4632 and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.--Rich Cook I am not speaking for Intel. And Intel rarely speaks for me