Re: [Last-Call] [secdir] [IPsec] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Jun 2, 2022, at 12:55 AM, Valery Smyslov <svan@xxxxxxxx> wrote:

HI Joe,
 
one more question:
 
          You can also note that there are ways to mitigate the cost of resync when
          this implementation is tightly coupled with TCP, e.g., by ensuring every Nth
          IPsec packet starts at the beginning of a new TCP packet.
 
         How would this help? Can you please elaborate?

If every 4th IPsec packet is always aligned to the TCP segment data start, then resync checks could be simple and rapid - check only the first bytes for a known pattern.

That makes resync happen with lower overhead, i.e., rather than searching the whole payload.

Joe
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux