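% Internet-Draft, revision 02, dated 8 Dec 1999 and marked "Work in Progress": it is
% not an RFC, so cite it with its revision number.
% NOTE(review): the ECN and IPsec-tunnel material appears to have been carried into
% RFC 3168. Confirm on the datatracker page below and cite the successor document
% when relying on the tunnel-endpoint processing rules.
% Names are stored as "Last, First" and the honorific "Dr." is dropped, because BibTeX
% would otherwise parse it as a given name.
% Only the acronyms in the title are brace-protected, so the style can still apply its casing.
@techreport{ietf-ipsec-ecn-02,
  author      = {Floyd, Sally and Black, David L. and Ramakrishnan, K. K.},
  title       = {{IPsec} Interactions with {ECN}},
  type        = {Internet-Draft},
  number      = {draft-ietf-ipsec-ecn-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 1999,
  month       = dec,
  day         = 8,
  pagetotal   = 24,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-ipsec-ecn/02/},
  abstract    = {IPsec supports secure communication over potentially insecure network components such as intermediate routers. IPsec protocols support two operating modes, transport mode and tunnel mode. Explicit Congestion Notification (ECN) is an experimental addition to the IP architecture that provides notification of onset of congestion to delay- or loss-sensitive applications. ECN provides congestion notifications to enable adaptation to network conditions without the impact of dropped packets {[}RFC 2481{]}. The use of two bits in the IPsec header for ECN experimentation conflicts with header processing at IPsec tunnel endpoints in a manner that makes ECN unusable in the presence of IPsec tunnels. This document considers issues related to this conflict, describes two alternative solutions, and updates the IPsec architecture {[}RFC 2401{]} to include these alternatives. Support for one or the other of these alternatives is REQUIRED to remove the underlying conflict.},
}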