RE: Re: PPP over IPSec (without L2TP)?
> -----Original Message-----
> From: Jim Tiller [mailto:firstname.lastname@example.org]
> Sent: Thursday, October 14, 1999 3:09 PM
> To: Shriver, John
> Cc: 'Ari Huttunen'; email@example.com; firstname.lastname@example.org
> Subject: Re: PPP over IPSec (without L2TP)?
> OK, but I keep choking on one aspect.
> If PPP is encapsulated into L2TP, which basically assumes the
> form of an IP packet (right?) Don't the same issues of
> reordering exist? Eliminate IPSec for a second. I'm
> obviously not an L2TP dude, but I'm aware of in-band
> controls within L2TP that provide the options to the
> passenger protocol(s).
See section 5.4 of L2TP.
Of course, sequencing is optional.
> I guess my misunderstanding revolves
> around that if a packet is ultimately forwarded through an
> IP network, the odds of packets arriving at the destination
> in the wrong order are high. At that point don't the
> packets get reordered by the IP stack of the receiving system
> and then passed up the stack? At that point aren't the PPP
> LCPs and NCPs reordered inherently prior to de-encapsulation?
No. The IP and UDP layers under L2TP don't do any correction of re-ordered
packets. That is not part of the service contract of IP or UDP, only of
TCP, which isn't involved.
> Please be patient with me, I know I'm missing a critical
> step and completely oversimplifying the process.
> I just don't see the need for L2TP
> over IPSec, it's not sticking.
L2TP is heavier than what was needed. It has a whole multiplexing layer for
many connections over one LAC/LNS connection, and there will only be one.
But, it is a standards-track protocol. That's a plus, whether it's the
ideal protocol or not. (It's not a standard by fiat like MS-CHAP.)
It also made it easier for Microsoft to integrate IPSec/VPN functionality
into Windows 2000. The IPSec community gains by having such a widely
available IPSec implementation.
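
An added example, not part of the original message or of any L2TP implementation: it contrasts what UDP hands up (arrival order, uncorrected) with what a receiver gets when it uses the optional L2TP Ns field. The header layout is assumed to be the RFC 2661 one; the buffering policy, function names and sample frames are constructed for illustration.

```python
import struct

# L2TP header flag bits (RFC 2661 layout, assumed to be the format referred to)
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

def build_data_msg(tunnel_id, session_id, ns, ppp_frame):
    """Build an L2TP data message with the S bit set (Ns/Nr present)."""
    flags_ver = S_BIT | 2                       # data message, version 2
    return struct.pack("!HHHHH", flags_ver, tunnel_id, session_id, ns, 0) + ppp_frame

def parse_data_msg(pkt):
    """Return (ns, payload); ns is None when the sender omitted sequencing."""
    (flags_ver,) = struct.unpack_from("!H", pkt, 0)
    if flags_ver & T_BIT or (flags_ver & 0x000F) != 2:
        raise ValueError("not an L2TP v2 data message")
    off = 2 + (2 if flags_ver & L_BIT else 0) + 4   # Length?, Tunnel ID, Session ID
    ns = None
    if flags_ver & S_BIT:                       # optional Ns/Nr fields
        ns, _nr = struct.unpack_from("!HH", pkt, off)
        off += 4
    if flags_ver & O_BIT:                       # optional offset size + padding
        (pad,) = struct.unpack_from("!H", pkt, off)
        off += 2 + pad
    return ns, pkt[off:]

def udp_delivery(datagrams):
    """What IP/UDP hands up: payloads in arrival order, no correction."""
    return [parse_data_msg(d)[1] for d in datagrams]

def sequenced_delivery(datagrams, expected=0):
    """Receiver that uses Ns to restore order (hypothetical buffering policy)."""
    held, out = {}, []
    for d in datagrams:
        ns, payload = parse_data_msg(d)
        if ns is None:
            out.append(payload)                 # no sequencing: pass through
            continue
        if (ns - expected) & 0xFFFF >= 0x8000:
            continue                            # old or duplicate Ns: drop
        held[ns] = payload
        while expected in held:                 # release any contiguous run
            out.append(held.pop(expected))
            expected = (expected + 1) & 0xFFFF
    return out

# Constructed sample: PPP frames sent with Ns 0,1,2 but arriving as 0,2,1
SENT = [build_data_msg(1, 1, n, b"frame%d" % n) for n in range(3)]
ARRIVED = [SENT[0], SENT[2], SENT[1]]
```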