On 06.03.20 15:58, Tobias Brunner wrote: > Hi Felipe, > >> I see that the first packet in matching >> traffic is always lost: in a ping session, packet with seq=1 never makes >> it to the other side, only from seq=2 onwards. >> >> Why does this happen? > It's a known property of the Linux kernel. Packets, in particular the > triggering one, are not cached and lost until the IPsec SAs are established. > >> and is there a way to avoid it? > Not that I'm aware. > >> I'm thinking about >> SNMP traps over IPSec that are not retransmitted since they use UDP. > Neither UDP, IP, nor IPsec guarantee delivery of any sent packets, you > always have to reckon with packet loss. > > Regards, > Tobias
Use SNMPv3 informs. The SNMP manager sends a confirmation having received it. Mit freundlichen Grüßen, -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein
signature.asc
Description: OpenPGP digital signature
