On Jun 2, 2022, at 12:55 AM, Valery Smyslov <s...@elvis.ru> wrote:
>
> HI Joe,
>
> one more question:
>
> You can also note that there are ways to mitigate the cost of
> resync when
> this implementation is tightly coupled with TCP, e.g., by ensuring
> every Nth
> IPsec packet starts at the beginning of a new TCP packet.
>
> How would this help? Can you please elaborate?
If every 4th IPsec packet is always aligned to the TCP segment data start, then
resync checks could be simple and rapid - check only the first bytes for a
known pattern.
That makes resync happen with lower overhead, i.e., rather than searching the
whole payload.
Joe
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
