Hi Joe,

On Jun 2, 2022, at 12:55 AM, Valery Smyslov <s...@elvis.ru> wrote:

Hi Joe,

one more question:

You can also note that there are ways to mitigate the cost of resync when this implementation is tightly coupled with TCP, e.g., by ensuring every Nth IPsec packet starts at the beginning of a new TCP packet.

How would this help? Can you please elaborate?

If every 4th IPsec packet is always aligned to the TCP segment data start, then resync checks could be simple and rapid - check only the first bytes for a known pattern. That makes resync happen with lower overhead, i.e., rather than searching the whole payload.

Interesting idea, but how would the receiving node know that the sending node employs this method? And, in my understanding, some middleboxes can re-arrange TCP segments, merging and splitting them, so the beginning of an IPsec packet may still appear in the middle of a TCP segment (the same can happen with retransmissions, but I guess you assume that the sending TCP/IP stack would take care in this case, but it adds complexity).

So, I think that the idea is interesting, but the additional complexity and unreliability make it not so attractive.

Regards,
Valery.

Joe
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
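The trade-off discussed in this thread, as an added example that is not part of the original messages: a receiver-side resync that first checks only the start of a TCP segment and falls back to scanning the payload, run on aligned segments and on the same stream after a modelled middlebox re-splits it. The framing (2-byte length followed by a 4-byte SPI used as the known pattern), the SPI value and all function names are assumptions made for the illustration.

```python
import struct

SPI = bytes.fromhex("c0ffee01")   # constructed SPI, used as the known pattern
HDR = 2 + len(SPI)                # assumed framing: 2-byte length, then SPI

def frame(payload: bytes) -> bytes:
    """Length-prefix one ESP-like packet (length counts SPI + payload)."""
    return struct.pack("!H", len(SPI) + len(payload)) + SPI + payload

def aligned_segments(packets, n):
    """Sender side: every n-th packet begins a new TCP segment."""
    return [b"".join(packets[i:i + n]) for i in range(0, len(packets), n)]

def resegment(segments, size):
    """Middlebox model: merge the byte stream and re-split it at `size`."""
    stream = b"".join(segments)
    return [stream[i:i + size] for i in range(0, len(stream), size)]

def looks_like_header(buf, off):
    """Cheap plausibility test; a real receiver would still verify the ICV."""
    if off + HDR > len(buf):
        return False
    (length,) = struct.unpack_from("!H", buf, off)
    return length >= len(SPI) and buf[off + 2:off + HDR] == SPI

def resync(segment):
    """Return (packet-start offset or None, number of offsets examined)."""
    if looks_like_header(segment, 0):              # fast path: aligned start
        return 0, 1
    for off in range(1, len(segment) - HDR + 1):   # fallback: scan payload
        if looks_like_header(segment, off):
            return off, off + 1
    return None, max(len(segment) - HDR + 1, 1)

if __name__ == "__main__":
    # Constructed sample: eight 46-byte packets, every 4th one aligned.
    packets = [frame(bytes([i]) * 40) for i in range(8)]
    segments = aligned_segments(packets, 4)
    print("aligned:    ", [resync(s) for s in segments])
    # After re-segmentation only the first segment still starts on a packet.
    print("resegmented:", [resync(s) for s in resegment(segments, 100)])
```
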