
RE: Re[4]: PPP over IPSec (without L2TP)?

> -----Original Message-----
> From: Jim Tiller [mailto:tiller_j@ins.com]
> Sent: Thursday, October 14, 1999 3:09 PM
> To: Shriver, John
> Cc: 'Ari Huttunen'; ietf-ipsra@vpnc.org; ipsec@lists.tislabs.com
> Subject: Re[4]: PPP over IPSec (without L2TP)?
>
> OK, but I keep choking on one aspect.
> If PPP is encapsulated into L2TP, which basically assumes the
> form of an IP packet (right?) Don't the same issues of
> reordering exist? Eliminate IPSec for a second. I'm
> obviously not an L2TP dude, but I'm aware of in-band
> controls within L2TP that provide the options to the
> passenger protocol(s).

See section 5.4 of L2TP.

Of course, sequencing is optional.

> I guess my misunderstanding revolves
> around that if a packet is ultimately forwarded through an
> IP network, the odds of packets arriving at the destination
> in the wrong order are high. At that point don't the
> packets get reordered by the IP stack of the receiving system
> and then passed up the stack? At that point aren't the PPP
> LCPs and NCPs reordered inherently prior to de-encapsulation?

No.  The IP and UDP layers under L2TP don't do any correction of re-ordered
packets.  That is not part of the service contract of IP or UDP, only of
TCP, which isn't involved.

> Please be patient with me, I know I'm missing a critical
> step and completely oversimplifying the process.
> I just don't see the need for L2TP
> over IPSec, it's not sticking.

L2TP is heavier than what was needed.  It has a whole multiplexing layer for
many connections over one LAC/LNS connection, and there will only be one.

But, it is a standards-track protocol.  That's a plus, whether it's the
ideal protocol or not.  (It's not a standard by fiat like MS-CHAP.)

It also made it easier for Microsoft to integrate IPSec/VPN functionality
into Windows 2000.  The IPSec community gains by having such a widely
available IPSec implementation.
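
The reordering point discussed in this message, as an added example that is not part of the original post: UDP hands datagrams up in arrival order, so the PPP payload is only protected from reordering when the L2TP data header carries the optional Ns field (S bit set). The header layout follows RFC 2661; the drop-late-packets policy, the helper names and the sample payloads are assumptions made for illustration.

```python
import struct

T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

def build(ns, payload, tunnel=1, session=1):
    """Constructed sample: L2TPv2 data message; ns=None leaves the S bit clear."""
    if ns is None:
        return struct.pack("!HHH", 0x0002, tunnel, session) + payload
    # With S set, Ns and Nr follow the Session ID (Nr is unused on data messages)
    return struct.pack("!HHHHH", S_BIT | 0x0002, tunnel, session, ns, 0) + payload

def parse(pkt):
    """Return (ns or None, payload) for an L2TPv2 data message."""
    (flags,) = struct.unpack_from("!H", pkt, 0)
    if flags & T_BIT or flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 data message")
    off = 2 + (2 if flags & L_BIT else 0) + 4  # flags, optional Length, Tunnel ID + Session ID
    ns = None
    if flags & S_BIT:
        ns, _nr = struct.unpack_from("!HH", pkt, off)
        off += 4
    if flags & O_BIT:  # optional Offset Size followed by that many pad bytes
        (pad,) = struct.unpack_from("!H", pkt, off)
        off += 2 + pad
    return ns, pkt[off:]

def receive(datagrams):
    """Hand payloads to PPP in arrival order, dropping late sequenced packets."""
    expected, delivered, dropped = 0, [], []
    for pkt in datagrams:
        ns, payload = parse(pkt)
        if ns is not None:
            # 16-bit wraparound comparison: is ns older than the next expected value?
            if (ns - expected) & 0xFFFF >= 0x8000:
                dropped.append(payload)  # assumed policy: treat a late packet as lost
                continue
            expected = (ns + 1) & 0xFFFF
        delivered.append(payload)
    return delivered, dropped

if __name__ == "__main__":
    order = [0, 2, 1, 3]  # constructed: the network swaps packets 1 and 2
    frames = [b"ppp0", b"ppp1", b"ppp2", b"ppp3"]  # constructed stand-ins for PPP frames
    print(receive([build(None, frames[i]) for i in order]))  # no sequencing
    print(receive([build(i, frames[i]) for i in order]))     # sequencing enabled
```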