[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSE

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: GSE
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Sat, 22 Feb 2003 16:00:24 +0100
Cc: RJ Atkinson <rja@extremenetworks.com>, marcelo bagnulo <marcelo@it.uc3m.es>, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>, multi6@ops.ietf.org
In-reply-to: Your message of Sat, 22 Feb 2003 15:19:14 +0100. <20030222143351.H61596-100000@sequoia.muada.com>

 In your previous mail you wrote:

   On Sat, 22 Feb 2003, Francis Dupont wrote:

   > => two-space systems are still raisonable long term solutions, especially
   > HIP (Host Identity Payload Protocol) which doesn't share the security
   > concern on the binding between the locator and the identity.
   > (PS: and its overhead is not a problem for guys like me who'd like
   > to hide everything behind ESP :-).

   Is there a good write-up of HIP yet?

=> draft-jokela-hip-packets-xx.txt and old I-Ds by Robert Moskowitz.

   We should really watch the overhead, because most of the time it's
   simply unnecessary. Want do do voice over IP with IPsec? If you don't do
   the IPsec in the phone, you MUST use tunnel mode as per the RFC.

=> HIP is end-to-end.

   But you can't do routing over IPsec tunnels, so you need another
   GRE tunnel.

=> fortunately this is not 100% true.

   Then comes the ESP overhead, which is actually fairly small but they
   chose to inlcude padding, which IMO was a mistake. Also, the
   initialization vectors eat up a fair number of bytes, while it wouldn't
   be very hard to come up with a scheme where the IV isn't carried inside
   the packet.

=> both are properties of the algorithm(s), not of ESP itself.
And security has a price...

   Then of course we encapsulate all of this in an ethernet
   frame which wastes 64 bits on a preamble and 160 bits on an inter frame
   gap, which are necessary to make the manchester encoding work. Since we
   typically use ethernet with encodings that regulate this stuff at even
   lower layers, most of these 20 bytes are wasted for no reason.

   So in order to carry a 64 kbps voice stream in more or less 64 kbps and
   have a reasonable delay, we need to compress the actual payload by a
   factor 4 to make room for the overhead, which is then 78%. About half of
   this could be removed without any impact to functionality.

=> if they could be removed they could be compressed too.

   The problem with many headers is that they implement too much. Ideally,
   each function would have its own header so you only need to include the
   headers you're actually going to use. (IPv6 options have the right
   idea.) But of course that leads to header recognition overhead, where
   each header needs a header...

=> I am afraid we are outside the scope of the MULTI6 list.

Regards

Francis.Dupont@enst-bretagne.fr

Follow-Ups:
- Re: GSE
  - From: Pekka Nikander <pekka.nikander@nomadiclab.com>
- Re: GSE
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- Re: GSE
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: GSE
Next by Date: Re: GSE
Previous by thread: Re: GSE
Next by thread: Re: GSE
Index(es):
- Date
- Thread