
don't-fragment-flag on ftp & icmp



I have a question about encryption: 
My IPSec implementation sits on an Ethernet LAN which has a max PDU size
of 1500. I've noticed that ftp builds IP packets at this max size and
then sends them with the don't-fragment-flag set to 1. Encryption
obviously adds bytes to the packet so how can I encrypt this without
fragmenting it? Are we supposed to ignore the flag & fragment anyway?
And how about ICMP (ping on my Sun sets the don't-fragment-flag as
well)??
What are the rest of you doing in this case??

Thanx for your input..
	CJ