
Re: Moving PIC forwards




>I'd like the protocol to run over TCP, so that we
>can handle large certificate payloads without fragmentation. 

A concern with PIC is the added RTTs, which
are a pain in cellular networks. Making the
protocol run over TCP would make things worse.
I suggest that we still keep the UDP bearer and
deal with the routers that may exist in between.

Besides, for the problem to occur you must have
a firewalling router between the businessman's
PC and the corporate PIC node/VPN gateway. How
likely is that? Network operators hopefully shouldn't
be filtering your traffic, so that leaves the
corporate network border routers possibly in front
of the PIC/VPN nodes. If they can't handle fragmented
UDP packets, the network manager can upgrade the
routers at the same time he installs PIC. Or?

Jari