12 IPsec
As we said in Chapter 11 Communication Session Establishment, IPsec is a secure session protocol that runs on top of network layer 3 (see §11.7 What Layer?). The implication of running directly on layer 3 (e.g., IP) is that each packet is independently cryptographically protected. IPsec does not guarantee that all packets will arrive, or that those that do arrive will be delivered in the order they were sent. IPsec guarantees only that packets that fail the integrity check will be discarded and that duplicate packets will be discarded. This design makes IPsec easy to implement in network adapters: it does not need to buffer packets, and it can process and deliver each packet independently, even if packets arrive out of order. IPsec ...
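The receiver behaviour described above, as an added sketch that is not code from the book: each packet is verified on its own, and a failed integrity check or a duplicate sequence number means discard, while out-of-order arrivals are still delivered. The packet layout (32-bit sequence number, payload, HMAC-SHA256 tag), the 64-packet sliding-window bitmap, and all names are assumptions for illustration, not the real ESP format.

```python
import hmac, hashlib, struct

WINDOW = 64    # assumed replay-window size, in packets
TAG_LEN = 32   # HMAC-SHA256 output length

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + payload, followed by an integrity tag."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Handles each packet independently; state is one counter and one bitmap."""
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def receive(self, packet: bytes):
        """Return the payload if the packet is accepted, None if discarded."""
        if len(packet) < 4 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Integrity first, so forged packets can never move the replay window.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        seq = struct.unpack("!I", body[:4])[0]
        if seq == 0:                      # this sketch numbers packets from 1
            return None
        if seq > self.highest:            # new highest: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return body[4:]
        offset = self.highest - seq       # late arrival: inside the window?
        if offset >= WINDOW or (self.bitmap >> offset) & 1:
            return None                   # too old to judge, or a duplicate
        self.bitmap |= 1 << offset
        return body[4:]

def demo():
    """Constructed arrivals: out of order, one duplicate, one tampered."""
    key = b"constructed-demo-key"
    rx = Receiver(key)
    pkts = {n: protect(key, n, b"data%d" % n) for n in (1, 2, 3)}
    tampered = pkts[2][:5] + b"X" + pkts[2][6:]
    arrivals = [pkts[3], pkts[1], pkts[1], tampered, pkts[2]]
    return [rx.receive(p) for p in arrivals]
```

No packet is ever queued: the receiver decides on each one using only the tag, the counter and the bitmap, which is what makes this kind of processing practical in a network adapter.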
Get Network Security: Private Communications in a Public World, 3rd Edition now with the O’Reilly learning platform.