From owner-freebsd-security Mon Sep 25 2:15:10 2000
From: Bart_van_Leeuwen@doosys.com
Subject: Re: Encryption over IP
To: Mipam
Cc: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, Dag-Erling Smorgrav, freebsd-security@FreeBSD.ORG, James Wyatt, "Vladimir Mencl, MK, susSED", owner-freebsd-security@FreeBSD.ORG, Peter Pentchev, CrazZzy Slash
Date: Mon, 25 Sep 2000 11:13:36 +0200

TCP over TCP has a few known problems, and the article you point at describes one of those. Your claim about your connection however has little to do with it. Speed of the connection is of little importance, the packet loss you encounter however is of major importance. A T1 with 10% packet loss will not work well at all, 64kbit with 0% packet loss will work reasonably well.

Bottom line, a dedicated tunneling protocol that does not use tcp as a transport layer is a very good idea.

Bart van Leeuwen.
mailto:Bart_van_Leeuwen@doosys.com   http://www.doosys.com/
mailto:bart@ixori.demon.nl   http://www.ixori.demon.nl/

Mipam
Sent by: owner-freebsd-security@FreeBSD.ORG
25-09-2000 07:44
To: James Wyatt
cc: Dag-Erling Smorgrav, "Vladimir Mencl, MK, susSED", Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

> Could you be a bit more specific? I can see where the extra overhead isn't
> always pretty, but I can't see where it *hurts* things other than network
> throughput. Actually the throughput doesn't suffer all *that* much, if you
> measure it and you have medium packets. For short, telnet-class packets
> the overhead is more noticeable than FTP, NNTP, SMTP, HTTP, etc... - Jy@

Okay, here is a nice article concerning tcp over tcp:

http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

In here more details are worked out. I know many ppl differ in this, however, my own experiences with tcp over tcp weren't that good at all and I am working from a T1 connection, so I can't say that my connection is that slow. Anyway, my own experiences, together with this article why tcp over tcp can cause problems lead to my opinion that tcp over tcp isn't such a good idea. I was happy that I wasn't the only one who experienced problems with this. Plz read the above article, then consider again concerning tcp over tcp. Some ppl even claim that tcp over tcp, so that tcp has a reliable carrier, is a good idea in fact.... If they could bring in some arguments why, I could consider them.

Bye,
Mipam.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message