
Re: draft-winter-radsec-01 published



Bernard Aboba wrote:
> To even know whether the packets are IPsec/IKE, it would be necessary to
> reassemble them.  So I don't see how they could be treated differently.

  They won't.  But administrators can lower the MTU for IPSec
connections until it "just works".  At that point, protocols transported
inside of IPSec are fine.

  This can't be done on the supplicant, because it only sees its local
MTU.  There is no feedback mechanism to lower this MTU to account for
later RADIUS encapsulation.

  The IPSec solution is less about automated path MTU discovery than
administrator trial and error until "it seems to work".

  Adding a feedback mechanism to EAP for MTU could be useful.  The only
reasonable place to put this information is in the first packet sent by
the EAP server.

  Alan DeKok.
