On Sun, Jun 07, 2020 at 09:43:41PM -0400, Michael Richardson wrote:
> 
> Steffen Klassert <steffen.klass...@secunet.com> wrote:
>     >   This alternative use case tries to solve the 'small packet' tunneling
>     > problem. Sending small packets over a tunnel usually creates quite a
>     > lot of overhead, as each packet needs to get its own tunnel header
>     > etc. For IPsec, the situation is even worse as a CPU-intensive crypto
>     > operation has to be applied for each of these small packets. With the
>     > IPTFS_PROTOCOL payload type, we could group small packets and send them
>     > into one big packet over the tunnel. This can avoid tunneling overhead
>     > because we need only one tunnel header for multiple packets.  Also this
>     > method would be very data and instruction cache effective because
>     > multiple packets are processed together. The good thing is that the
>     > Linux forwarding path can already provide packet chains (GRO), so we
>     > would just need to take these packet chains and put them into big
>     > tunnel packets with IPTFS_PROTOCOL payload type. As a side effect,
>     > having IPTFS_PROTOCOL as a general purpose tunnel payload, it might be
>     > easier to argue for a new IP protocol number allocation.
> 
> Does your use case include situations where this is not an IPsec tunnel?

My main use case would be an IPsec tunnel, but the same can work
for other tunnel types too. If we have an IP protocol number,
it is just easy to use it outside of the IPsec world, but I don't
have a strong opinion on that.

Steffen

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
