> On Dec 7, 2021, at 7:36 AM, Dino Farinacci <farina...@gmail.com> wrote:
>
>> That may help, but only in limited cases.
>>
>> E.g., let’s say you run IPsec tunnel mode for IPv6, which eats the majority
>> of that space. Now that traffic runs over a second IPsec tunnel that you
>> don’t know about.
>>
>> That’s the problem - and why MTU (i.e., having a max in the first place) is
>> itself the problem.
>
> Yep, definitely true. But one should use IPsec tunnel mode sparingly.

Users don’t get to decide that.

> It just costs too much. And having 2 levels would be regarded as excessive.

They also just use tunnels that have similar impact. Multiple levels are common - because no single operator manages the entire E2E path.

> Having said that, products may do this because security trumps all.
>
> But you make another point which is pretty fundamental and foundational.
> Should data links be MTU-less, so to speak? And can they really do that. I
> won't hold my breath.

I don’t know yet, but I do know that’s what I *want* and why it’s different than simply assuming a smaller MTU anywhere in the system.

Joe

_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area