Re: IPSEC transport mode w/2.2.x kernels and large packets

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: fierce@fierce.com: "- DPT SmartRaid V scsi drivers. *NEW* -"
• Previous message: Pavel Machek: "Re: Request help for Linux mouse driver"
• Next in thread: Andi Kleen: "Re: IPSEC transport mode w/2.2.x kernels and large packets"
• Reply: Andi Kleen: "Re: IPSEC transport mode w/2.2.x kernels and large packets"
• Reply: Richard Guy Briggs: "Re: IPSEC transport mode w/2.2.x kernels and large packets"
• Reply: kuznet@ms2.inr.ac.ru: "Re: IPSEC transport mode w/2.2.x kernels and large packets"

What I suggested is a bit cleverer than that

Set the MTU to 64K
Set the MSS on the routers to the estimated path mtu

Now TCP generates frames the right size for optimal performance, everything
else hands down full datagrams and the world is a happier place.

You can't run path MTU discovery with IPsec. The DF could be faked and aimed
at dropping your link to unusably low speeds. Ignoring the DF could equally
be a complete link failure. So you don't run mtu discovery.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: fierce@fierce.com: "- DPT SmartRaid V scsi drivers. *NEW* -"
• Previous message: Pavel Machek: "Re: Request help for Linux mouse driver"
• Next in thread: Andi Kleen: "Re: IPSEC transport mode w/2.2.x kernels and large packets"
• Reply: Andi Kleen: "Re: IPSEC transport mode w/2.2.x kernels and large packets"
• Reply: Richard Guy Briggs: "Re: IPSEC transport mode w/2.2.x kernels and large packets"
• Reply: kuznet@ms2.inr.ac.ru: "Re: IPSEC transport mode w/2.2.x kernels and large packets"