On 02/07/2013 07:34 AM, Karl Auer wrote:
>>> Coming in very late and this has probably already been thought of, but
>>> the ESP header *is* effectively a payload, and may need to be
>>> fragmented.
>> everything after the esp header is payload for everyone other than the
>> intended recipient, who has more headers to unwrap once the payload has
>> been decrypted.
>
> Er - yes. I just meant that you can't take the hard line that "headers
> shall not be fragmented" (not that Brian was saying that) when at least
> one header may have to be. There will only be more headers to unwrap in
> tunnel mode.

From the pov of this I-D, ESP is the "upper layer protocol". So as long
as you have everything till the ESP header in the first fragment, you're
fine.

I could add a clarification, if you want (for instance, I added
something along those lines in draft-ietf-v6ops-ra-guard-implementation)

Thanks!
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
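
The check discussed in this message, written out as an added example (not part of the original e-mail or of the I-D): a filter walks the IPv6 header chain of a first fragment and treats ESP as the upper-layer protocol, so the chain ends at the ESP header. The function name, the minimum upper-layer sizes and the sample packets are assumptions constructed for illustration.

```python
import struct

TLV_EXT = {0, 43, 60}            # Hop-by-Hop, Routing, Destination Options
FRAGMENT, ESP, AH = 44, 50, 51
# Minimum upper-layer header bytes required (assumption): ESP SPI+seq, TCP, UDP, ICMPv6
UPPER_MIN = {ESP: 8, 6: 20, 17: 8, 58: 4}

def first_fragment_has_full_chain(pkt):
    """Return (ok, reason) for one IPv6 packet or first fragment."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return False, "not an IPv6 packet"
    nxt, off = pkt[6], 40
    while True:
        if nxt in TLV_EXT or nxt == AH:
            if off + 2 > len(pkt):
                return False, f"extension header {nxt} cut off"
            # AH counts 4-byte units minus 2; the others count 8-byte units minus 1
            size = (pkt[off + 1] + 2) * 4 if nxt == AH else (pkt[off + 1] + 1) * 8
        elif nxt == FRAGMENT:
            if off + 8 > len(pkt):
                return False, "extension header 44 cut off"
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return False, "not a first fragment"
            size = 8
        else:
            # ESP lands here: its payload is opaque to anyone but the recipient,
            # so the chain a middlebox can inspect ends at the ESP header.
            ok = off + UPPER_MIN.get(nxt, 0) <= len(pkt)
            return ok, f"upper layer {nxt} " + ("present" if ok else "cut off")
        if off + size > len(pkt):
            return False, f"extension header {nxt} cut off"
        nxt, off = pkt[off], off + size

def ipv6(nxt, payload):
    """Constructed sample packet, 2001:db8::1 -> 2001:db8::2."""
    addrs = bytes.fromhex("20010db8" + "00" * 11 + "01" + "20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64) + addrs + payload

FRAG = struct.pack("!BBHI", 60, 0, 1, 0x1234)      # next=DestOpts, offset 0, M=1
DOPT = bytes([ESP, 0, 1, 4, 0, 0, 0, 0])           # next=ESP, one PadN option
ESP_HDR = struct.pack("!II", 0x1000, 1)            # SPI, sequence number

GOOD = ipv6(FRAGMENT, FRAG + DOPT + ESP_HDR + b"\x00" * 32)
SPLIT = ipv6(FRAGMENT, FRAG + DOPT)                # ESP header pushed to 2nd fragment

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("SPLIT", SPLIT)):
        print(name, first_fragment_has_full_chain(pkt))
```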