Content-Type: multipart/alternative; boundary="------------010806000205040100060309" --------------010806000205040100060309 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Guys, Thinking about this, what is the difference between running IPSec *tunnel* mode, compared to running an ip-in-ip tunnel (as set up by ip tunnel add ??? mode ipip and then slapping on IPSec *transport* mode?=20 And wouldn't that end up copying the TOS bits as required by the op without the additional GRE overhead? Kind Regards, Jaco Kroon On 10/07/2013 09:38, Stefan Bauer wrote: > -----Urspr=C3=BCngliche Nachricht----- > Von: Stephen Clark > Gesendet: Di 09.07.2013 22:24 > Betreff: Re: [Ipsec-tools-devel] tos bits propagated to the ipsec ip he= ader > An: ipsec-tools-devel ;=20 >> Actually I had done a >> ip tunnel change gre1 tos inherit >> >> which seemed to have made the tos bits from the gre tunnel be >> propagated to the esp header. > Hi Stephen, > > just to sum this up for myself :) If you're using ipsec in transport mo= de, the original ip-header from your gre-tunnel with the correct TOS-bits= set is all the time present with ipsec. the above command `ip tunnel cha= nge grep1 tos inherit` is just propagading the TOS-bits from the ip-packa= ge inside the gre-tunnel to the new ip-header from the gre tunnel. Am i r= ight? > > Stefan > > -----------------------------------------------------------------------= ------- > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=3D48808831&iu=3D/4140/ost= g.clktrk > _______________________________________________ > Ipsec-tools-devel mailing list > Ipsec-tools-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel --------------010806000205040100060309 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Guys,

Thinking about this, what is the difference between running IPSec *tunnel* mode, compared to running an ip-in-ip tunnel (as set up by ip tunnel add ??? mode ipip and then slapping on IPSec *transport* mode?=C2=A0 And wouldn't that end up copying the TOS = bits as required by the op without the additional GRE overhead?

Kind Regards,
Jaco Kroon

On 10/07/2013 09:38, Stefan Bauer wrote:
-----Urspr=C3=BCngliche Nachricht-----
Von:	Stephen Clark <sclark46@earthlink.net>
Gesendet:	Di 09.07.2013 22:24
Betreff:	Re: [Ipsec-tools-devel] tos bits propagated to the ipsec ip head=
er
An:	ipsec-tools-devel <ipsec-tools-devel@lists.sourc=
eforge.net>;=20
Actually I had done a
ip tunnel change gre1 tos inherit

which seemed to have made the tos bits from the gre tunnel be
propagated to the esp header.
Hi Stephen,

just to sum this up for myself :) If you're using ipsec in transport mode=
, the original ip-header from your gre-tunnel with the correct TOS-bits s=
et is all the time present with ipsec. the above command `ip tunnel chang=
e grep1 tos inherit` is just propagading the TOS-bits from the ip-package=
 inside the gre-tunnel to the new ip-header from the gre tunnel. Am i rig=
ht?

Stefan

-------------------------------------------------------------------------=
-----
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.do=
ubleclick.net/gampad/clk?id=3D48808831&iu=3D/4140/ostg.clktrk
_______________________________________________
Ipsec-tools-devel mailing list
Ipsec-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/lis=
tinfo/ipsec-tools-devel

--------------010806000205040100060309--