Skip to main content

IPsec Interactions with ECN
draft-ietf-ipsec-ecn-02

Document Type Expired Internet-Draft (ipsec WG)
Expired & archived
Authors Sally Floyd, David L. Black , Dr. K. K. Ramakrishnan
Last updated 1999-12-08
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Informational
Formats
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

IPsec supports secure communication over potentially insecure network components such as intermediate routers. IPsec protocols support two operating modes, transport mode and tunnel mode. Explicit Congestion Notification (ECN) is an experimental addition to the IP architecture that provides notification of onset of congestion to delay- or loss- sensitive applications. ECN provides congestion notifications to enable adaptation to network conditions without the impact of dropped packets [RFC 2481]. The use of two bits in the IPsec header for ECN experimentation conflicts with header processing at IPsec tunnel endpoints in a manner that makes ECN unusable in the presence of IPsec tunnels. This document considers issues related to this conflict, describes two alternative solutions, and updates the IPsec architecture [RFC 2401] to include these alternatives. Support for one or the other of these alternatives is REQUIRED to remove the underlying conflict.

Authors

Sally Floyd
David L. Black
Dr. K. K. Ramakrishnan

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)